Reviewing CVE-2022-42889: Arbitrary Code Execution Vulnerability in Apache Commons Text (Text4Shell)
First things first, let’s be clear that this is NOT a new Log4Shell or Spring4Shell vulnerability. Although it is a remote code execution issue, the impact is neither as severe nor as easily exploitable as the issue in Log4j from December 2021. Similar to the Log4j issue, the essence of the problem is that you can perform a lookup that …
Read More »