A critical security flaw in Apache Commons Text has been compared to the infamous Log4Shell vulnerability, but experts say it is not as widespread. Apache Commons Text is an open-source Java library made specifically for working with strings.
Alvaro Munoz, a researcher at GitHub’s Security Lab, identified the library’s arbitrary code execution vulnerability in March. It stems from variable interpolation and the processing of untrusted data. The vulnerability, identified as CVE-2022-42889, was patched last week with the release of version 1.10.0 by the Apache Commons development team.
Since its disclosure almost a year ago, Log4Shell, which affects the widely used Log4j Java logging framework, has been used in numerous attacks.