Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know
2022-07-08 18:59

The bug CVE-2022-33980, which doesn't have a catchy name yet, is a very similar sort of blunder to Log4Shell, this time in the Apache Commons Configuration toolkit.

The name's quite a mouthful: Apache Commons is another Apache project, one that provides a wide range of handy Java programming toolkits.

One of these is Commons Configuration, which lets Java apps work with configuration files in a wide range of formats, including XML, INI, plist, and many more.

As the project itself says, "The Commons Configuration software library provides a generic configuration interface which enables a Java application to read configuration data from a variety of sources."

According to the Commons Configuration team, this "Interpolation" bug was introduced in version 2.4 and patched in version 2.8.0.

If you have any Java software that uses the Apache Commons Configuration library, update as soon as you can!
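One way to find copies that fall in the affected range stated above (2.4 up to, but not including, 2.8.0), as an added example that is not from the original article or the Apache project. It assumes Maven-style file names (`commons-configuration2-<version>.jar`) and also checks entries bundled inside JAR/WAR/EAR archives; renamed or shaded copies will not be found.

```python
import re
import sys
import zipfile
from pathlib import Path

# Affected range as stated in the article: introduced in 2.4, patched in 2.8.0.
FIRST_AFFECTED = (2, 4, 0)
FIRST_FIXED = (2, 8, 0)
# Assumption: Maven-style artifact file names, e.g. commons-configuration2-2.7.jar
JAR_NAME = re.compile(r"commons-configuration2-(\d+(?:\.\d+){0,2})[^/]*\.jar$")
ARCHIVES = {".jar", ".war", ".ear"}

def parse_version(text):
    """Turn '2.7' into (2, 7, 0) so versions compare numerically, not as strings."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version_text):
    return FIRST_AFFECTED <= parse_version(version_text) < FIRST_FIXED

def classify(name):
    """Return (version, affected) for a jar file name or archive entry, else None."""
    match = JAR_NAME.search(name.replace("\\", "/"))
    if not match:
        return None
    return match.group(1), is_affected(match.group(1))

def scan(root):
    """Check jar names on disk and jar entries bundled inside archives under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        hit = classify(path.name)
        if hit:
            findings.append((str(path), *hit))
        if path.suffix.lower() in ARCHIVES:
            try:
                with zipfile.ZipFile(path) as archive:
                    for entry in archive.namelist():
                        hit = classify(entry)
                        if hit:
                            findings.append((f"{path}!{entry}", *hit))
            except (zipfile.BadZipFile, OSError):
                continue  # unreadable or not really a zip: skip it
    return findings

if __name__ == "__main__":
    for location, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if affected else 'ok':8} {version:8} {location}")
```

Run it with the directory to search as the only argument, for example an application server's deployment directory.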


News URL

https://nakedsecurity.sophos.com/2022/07/08/apache-commons-configuration-toolkit-patches-log4shell-like-bug/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642