It was recently confirmed that Spring4Shell has at least one RCE vulnerability in the Spring framerwork. Investigation is still in progress, and you can expect updates as analyses get completed. So far ( 21:00 CET) we point to these sources:
VMWare has published a CVE under CVE-2022-22965.
You can read Spring’s public announcements here: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement.
There is another article with in-depth analysis on how to test and patch for the weakness here: https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/.
...