On 2022-10-13, the Apache Commons Text team disclosed CVE-2022-42889. Key takeaways: If you rely on software that uses a version of commons-text prior to 1.10.0, you are likely still not vulnerable: you are only affected when this software uses the StringSubstitutor API without properly sanitizing any untrusted input. If your...
Posted at 04:13PM Oct 18, 2022 by raboof in General