...
We recommend running package scans on your system to start analyzing and consult with your security team whether any packages are insecure, and keep following updates on the CVE and Spring’s documentation for updates about more attack vectors as well as updates from Atlassian’s security team. Keep checking for important security updates on your system.
Stay tuned for Atlassian’s public security advisories, which are usually posted here: https://confluence.atlassian.com/security/articles-951406100.html, and their FAQ’s which are usually posted here: https://confluence.atlassian.com/kb/atlassian-knowledge-base-179443510.html
These are the requirements for being vulnerable from the specific scenario from the Spring report (as of 20:30 CET):
...