The Text4Shell vulnerability, tracked underneath CVE-2022-42889, began drawing doubtlessly malicious exercise this week.
Researchers at Wordfence issued a menace advisory urging safety groups to replace their Apache Commons Text library to the patched model 1.10.0. The workforce started monitoring Text4Shell, which has been given a CVSS rating of 9.8, on Oct. 17, and by Oct. 18 they began seeing makes an attempt to use it.
While the menace does have many similarities to final 12 months’s Apache Log4j library bug, Wordfence safety researchers say Text4Shell poses much less of a menace.
“While the vulnerability itself is much like final 12 months’s vulnerability CVE-2021-44228 in Apache’s log4j library, the Apache Commons Text library is much much less extensively utilized in an unsafe method and the chance of profitable exploitation is considerably decrease,” the workforce defined of their newest advisory.