Second of all, the blog did add more information
"In our experimentation, exploitation of this vulnerability had high fidelity, with a near 100% success rate and can be leveraged to a full remote code execution. The attack vector is unauthenticated and remote, requiring only a specially crafted HTTP request to the target server. It affects the default configuration of popular frameworks. "
In the end - if it helped spreading the news about this risk so teams can fix them faster, then this is our end-goal with these blog posts : )