Apache has published a security advisory to address vulnerabilities affecting the following product on the 13th of October 2022. It is recommended that you take the necessary precautions to ensure your products are always protected.
Apache Commons Text – versions prior to 1.10
For more information on this update, you can follow this URL:
The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary.
PDF Download: Apache Security Advisory.pdf
CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation default. (13th of October 2022). Reviewed from Apache:
Critical Vulnerability in Apache Commons Text Library. (18th of October 2022). Reviewed from SingCERT: