
Apache Commons Text Vulnerability Guidance

Vulnerabilities have been identified in the Apache Commons Text library. Cloudian took immediate action and has provided patches to remediate the issue. Data security is a foremost concern at Cloudian. This blog further explains the issue and outlines the steps that Cloudian has taken. Cloudian customers are strongly advised to prioritize and implement the Cloudian patch updates.

What is the Apache Commons Text (aka Text4Shell) vulnerability?

The originally reported CVE-2022-42889 is a remote code execution (RCE) vulnerability that affects the Apache Commons Text software library. A security researcher reported that the library's default interpolators may lead to unsafe script evaluation and can result in code execution when processing malicious input. In short, using the library with its default configuration, together with the right malicious input, can lead to unwanted code execution.

What is the concern?

There are known exploitations for this CVSS 9.8 critical vulnerability. The default Lookup instances include variable interpolators that could result in code execution when processing malicious input.

The vulnerability strongly resembles the previous Log4Shell vulnerability. Thus the feeling among experts is that the vulnerability could potentially result in a similar remote code execution. Security researchers are emphasizing the need to take immediate action to update to the latest 1.10.0 version of the Apache libraries.

Cloudian’s findings and recommendations

Cloudian has responded to the potential threat of exploitation of a critical remote code execution (RCE) vulnerability (CVE-2022-42889), known as "Text4Shell", in the Apache Commons Text software library, versions 1.5 to 1.9.
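To check a host for copies of the library in the affected range, the following inventory script can be used. It is an added example, not Cloudian tooling or part of the Cloudian patch. It assumes jars follow Maven naming (`commons-text-<version>.jar`) or carry the standard Maven `pom.properties` entry, and it also looks inside nested archives; the function names are illustrative.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

AFFECTED_MIN, AFFECTED_MAX = (1, 5), (1, 9)  # range stated above; fixed in 1.10.0
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
JAR_NAME = re.compile(r"commons-text-(\d+(?:\.\d+)+)[^/]*\.jar$")
ARCHIVE_EXT = (".jar", ".war", ".ear")

def is_affected(version):
    """True when major.minor falls inside 1.5 .. 1.9."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:2])
    parts += (0,) * (2 - len(parts))
    return AFFECTED_MIN <= parts <= AFFECTED_MAX

def find_copies(data, label, depth=0):
    """Return [(location, version)] for commons-text in an archive and its nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    hits = []
    with zf:
        names = zf.namelist()
        version = None
        if POM_PROPS in names:  # build metadata survives renaming and shading into fat jars
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(\S+)", props, re.M)
            version = m.group(1) if m else None
        if version is None and JAR_NAME.search(label):  # fall back to the file name
            version = JAR_NAME.search(label).group(1)
        if version:
            hits.append((label, version))
        if depth < 3:  # WAR/EAR files and fat jars bundle other jars
            for name in names:
                if name.lower().endswith(ARCHIVE_EXT):
                    hits += find_copies(zf.read(name), f"{label}!/{name}", depth + 1)
    return hits

def scan_tree(root):
    """Walk root and return the affected copies as sorted (location, version) pairs."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            hits += find_copies(path.read_bytes(), str(path))
    return sorted(h for h in hits if is_affected(h[1]))

if __name__ == "__main__":
    for location, version in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"AFFECTED commons-text {version}: {location}")
```

An empty result only means no recognizable copy was found under the scanned directory; copies repackaged without the Maven metadata or file name will not be reported.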

Additional information and resources

The following Cloudian Knowledgebase Articles are available as Security Advisories for external use by customers through the Cloudian Support Portal at https://cloudian-support.force.com.
