Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability
2022-10-21 11:03

WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022.

Although the issue was originally reported in early March 2022, the Apache Software Foundation did not release an updated version of the software until September 24, and it issued an advisory only last week, on October 13.

"Apache Commons Text must be used in a certain way to expose the attack surface and make the vulnerability exploitable."

Users who have direct dependencies on Apache Commons Text are advised to upgrade to the fixed version to mitigate potential threats.

According to Maven Repository, as many as 2,593 projects use the Apache Commons Text library.

The Apache Commons Text flaw also follows another critical security weakness that was disclosed in Apache Commons Configuration in July 2022, which could result in arbitrary code execution through the variable interpolation functionality.


News URL

https://thehackernews.com/2022/10/hackers-started-exploiting-critical.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 544 711 366 1634