On the 13th of October 2022, Apache published a security advisory to address vulnerabilities affecting the following product. It is recommended that you take the necessary precautions to ensure your products are always protected.
Apache Commons Text – versions prior to 1.10
For more information on this update, you can follow this URL:
https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary.
References
CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation default. (13th of October 2022). Reviewed from Apache:
https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
Critical Vulnerability in Apache Commons Text Library. (18th of October 2022). Reviewed from SingCERT: