Depends a lot on how many Spring apps out there have the prereqs to be vulnerable. The widespread nature of Log4Shell is what made it “worse” than other RCE vulns. I don’t have a sense of how many vulnerable instances of this one might be out there but the number could be enormous.