Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022.
Although the issue was originally reported in early March 2022, the Apache Software Foundation did not release an updated version of the software until September 24, and issued an advisory only last week, on October 13.
"Apache Commons Text must be used in a certain way to expose the attack surface and make the vulnerability exploitable."
Users who have direct dependencies on Apache Commons Text are advised to upgrade to the fixed version to mitigate potential threats.
According to Maven Repository, as many as 2,593 projects use the Apache Commons Text library.
The Apache Commons Text flaw also follows another critical security weakness that was disclosed in Apache Commons Configuration in July 2022, which could result in arbitrary code execution through the variable interpolation functionality.
News URL
https://thehackernews.com/2022/10/hackers-started-exploiting-critical.html