
Apache Commons Text vulnerability not as wide-reaching as Log4Shell

SecurityWeek reports that while some security experts have compared the critical Apache Commons Text vulnerability, tracked as CVE-2022-42889, to the Log4Shell flaw, it is not expected to be as widespread as the latter. The arbitrary code execution flaw, also known as Act4Shell and Text4Shell, has been described by Sophos as dangerous but not as easily exploitable as the Log4j bug. It is also expected to be far less prevalent because Commons Text is used by fewer applications than Log4j, according to security researcher Sean Wright and GitHub Security Lab researcher Alvaro Munoz, who discovered the vulnerability in March. Rapid7 researchers, meanwhile, cautioned against comparing the two flaws at all. "The nature of the vulnerability means that unlike Log4Shell, it will be rare that an application uses the vulnerable component of Commons Text to process untrusted, potentially malicious input," said Rapid7. Apache has already patched the flaw, and organizations have been urged to update immediately.
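The usage pattern Rapid7 is describing, shown as an added example that is not code from the article, SecurityWeek, Apache or any of the researchers quoted: the vulnerable component is Commons Text's StringSubstitutor when its interpolator lookups are enabled and the template string itself comes from an untrusted source. The class name, variable map and template strings below are constructed for illustration; it assumes Commons Text 1.9 (the last affected release, the affected range being 1.5 through 1.9) on the classpath, and the lookup syntax in the comments is taken from the Commons Text lookup documentation.

```java
import java.util.Map;

import org.apache.commons.text.StringSubstitutor;
import org.apache.commons.text.lookup.StringLookupFactory;

public class CommonsTextUsage {

    // Constructed sample: the variables the application legitimately wants to substitute.
    static final Map<String, String> VARS = Map.of("name", "Alice", "ticket", "4711");

    // Vulnerable shape on Commons Text 1.5 through 1.9: the template itself is untrusted
    // and the default interpolator lookups are enabled, so "${script:...}", "${dns:...}"
    // and "${url:...}" placed in the template by an attacker are evaluated by replace().
    // (1.10.0 drops those three from the defaults; the shape is still worth avoiding.)
    static String renderWithInterpolator(String untrustedTemplate) {
        StringSubstitutor sub = new StringSubstitutor(
                StringLookupFactory.INSTANCE.interpolatorStringLookup(VARS));
        return sub.replace(untrustedTemplate);
    }

    // Hardened: a map-backed substitutor resolves only the keys in VARS. Any other
    // ${...} reference, including script/dns/url, is left untouched rather than evaluated.
    static String renderFromMapOnly(String untrustedTemplate) {
        return new StringSubstitutor(VARS).replace(untrustedTemplate);
    }

    // Also hardened, for code that genuinely needs named lookups: build the interpolator
    // with an explicit lookup map (empty here) and addDefaultLookups=false, so nothing
    // beyond what is listed can ever be reached from the template.
    static String renderWithExplicitLookups(String untrustedTemplate) {
        StringSubstitutor sub = new StringSubstitutor(
                StringLookupFactory.INSTANCE.interpolatorStringLookup(
                        Map.of(),                                            // no named lookups
                        StringLookupFactory.INSTANCE.mapStringLookup(VARS),  // plain variables
                        false));                                             // no default lookups
        return sub.replace(untrustedTemplate);
    }

    public static void main(String[] args) {
        // Benign input renders identically under all three variants.
        String benign = "Hello ${name}, your ticket is ${ticket}";
        System.out.println(renderWithInterpolator(benign));
        System.out.println(renderFromMapOnly(benign));
        System.out.println(renderWithExplicitLookups(benign));

        // A template carrying a lookup prefix the application never intended to honour.
        // The two hardened variants return it unchanged; the first variant would resolve it.
        String suspicious = "Hello ${name}, ${dns:address|example.com}";
        System.out.println(renderFromMapOnly(suspicious));
        System.out.println(renderWithExplicitLookups(suspicious));
    }
}
```

The practical check this suggests is a code search for `StringSubstitutor.createInterpolator()` and `interpolatorStringLookup(` and, for each hit, tracing whether the template argument to `replace()` can carry user-controlled text; upgrading to 1.10.0 or later removes the script, dns and url lookups from the defaults, but passing untrusted templates to an interpolating substitutor remains a pattern to retire.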
