all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Newly Disclosed Vulnerability in Apache Commons Text Allows for RCE (CVE-2022-42889)

Add to bookmarks
Oct. 24, 2022, 1:12 a.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

UPDATE #1 2022/10/20: Updated protection section with IPS coverage.FortiGuard Labs is aware of reports of a recent vulnerability in Apache Commons, which allows for remote code execution. Assigned, CVE-2022-42889, Apache Commons Text prior to 1.10.0 allows remote code execution (RCE) when applied to untrusted input due to insecure interpolation defaults.What are the Details of this Vulnerability?According to Apache, version 1.5 and 1.9 of Apache Commons are affected. Apache Commons suffers from default Lookup instance where included interpolators could result in …

apache apache commons apache commons text commons commons text cve cve-2022-42889 rce text vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Check Point Quantum Security Gateways Information Disclosure Vulnerability (CVE-2024-24919) 1 day, 11 hours ago | fortiguard.fortinet.com
NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679) 5 days, 9 hours ago | fortiguard.fortinet.com
code code execution command command injection +29
Genesis Market Malware Attack 1 week, 3 days ago | fortiguard.fortinet.com
attack campaign counterfeit dismantled +26
Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671) 2 weeks, 5 days ago | fortiguard.fortinet.com
browser can chrome chromium +15
GitLab Password Reset Vulnerability (CVE-2023-7028) 3 weeks, 1 day ago | fortiguard.fortinet.com
account administrator attacker cisa +23
Tinyproxy use-after-free Vulnerability (CVE-2023-49606) 3 weeks, 3 days ago | fortiguard.fortinet.com
actor arbitrary code can code +21
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 3 weeks, 5 days ago | fortiguard.fortinet.com
access advisory application attackers +29
Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 1 month ago | fortiguard.fortinet.com
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 1 month ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com