Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Apache Commons Text Library
Alerts

Critical Vulnerability in Apache Commons Text Library

18 October 2022

The Apache Software Foundation has released security updates to address a critical vulnerability (CVE-2022-42889) in their Apache Commons Text library. It has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10. 

The vulnerability affects Apache Commons Text versions 1.5 through 1.9 as these versions allow the evaluation of interpolators such as "script", "dns" and "url". Successful exploitation could allow an unauthenticated attacker to perform arbitrary remote code execution (RCE) or contact with remote servers. A proof-of-concept exploit for this vulnerability is reportedly available.

Administrators and users of the Apache Commons Text library are advised to upgrade to version 1.10.0 immediately.

More information is available here:
https://nvd.nist.gov/vuln/detail/CVE-2022-42889
https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
https://www.darkreading.com/application-security/researchers-keep-a-wary-eye-on-critical-new-vulnerability-in-apache-commons-text

Back to top