What You Need to Know About Text4Shell, CVE-2022-42889


A new vulnerability is making waves as hackers start to exploit it.

What is it exactly? 

It’s a flaw in Apache Commons Text, an open-source Apache library. 

Text4Shell lets an attacker execute arbitrary code on the victim’s machine (Remote Code Execution, aka “RCE”).

Remember Log4Shell from last year? Text4Shell is similar: the library processes input values in a way that invokes internal functionality, which can result in malicious code being executed. For an attack to be possible, however, the application must have both the vulnerable version and the vulnerable pattern. Otherwise, it can’t be exploited.

What are the risks? 

An attacker can inject malicious input containing keywords that can trigger:

1) A DNS request

2) A call to a remote URL

3) An inline script to execute

CVE-2022-42889, aka Text4Shell, is rated 9.8 out of 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library.

We recommend upgrading the package to version 1.10.0.
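To find out where an affected version is deployed, the following added example (not CloudWize's or the Apache project's code) walks a directory tree and reports commons-text jars in the 1.5 through 1.9 range, including copies bundled inside fat jars and WAR files. The function names and the sample tree built in `demo()` are constructed for illustration.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

# Range from the article: 1.5 through 1.9 affected, 1.10.0 fixed.
# Matching is by file name, so renamed or shaded copies are not detected.
JAR_RE = re.compile(r"(?:^|/)commons-text-(\d+(?:\.\d+)+)\.jar$")
ARCHIVES = (".jar", ".war", ".ear")

def is_affected(version):
    return (1, 5) <= tuple(int(p) for p in version.split(".")[:2]) <= (1, 9)

def scan_archive(data, label, depth=0):
    """Yield (location, version) for commons-text jars nested in an archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # unreadable archive, skip it
    with zf:
        for name in zf.namelist():
            match = JAR_RE.search(name)
            if match:
                yield f"{label}!{name}", match.group(1)
            elif name.endswith(ARCHIVES) and depth < 3:  # libs inside fat jars
                yield from scan_archive(zf.read(name), f"{label}!{name}", depth + 1)

def scan_tree(root):
    """Return sorted (location, version) pairs for affected commons-text jars."""
    findings = []
    for path in Path(root).rglob("*"):
        if not (path.is_file() and path.name.endswith(ARCHIVES)):
            continue
        match = JAR_RE.search(path.as_posix())
        hits = ([(path.as_posix(), match.group(1))] if match
                else scan_archive(path.read_bytes(), path.as_posix()))
        findings.extend(hit for hit in hits if is_affected(hit[1]))
    return sorted(findings)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)  # constructed sample tree of placeholder jars
        (root / "commons-text-1.10.0.jar").write_bytes(b"")
        fat = io.BytesIO()
        with zipfile.ZipFile(fat, "w") as zf:
            zf.writestr("BOOT-INF/lib/commons-text-1.9.jar", b"")
        (root / "app.jar").write_bytes(fat.getvalue())
        return [(loc[len(root.as_posix()) + 1:], ver) for loc, ver in scan_tree(root)]
```

Run `scan_tree()` against an application or image root; an empty list means no affected jar was found by file name, not that the library is absent.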

CloudWize users got alerted automatically as we collect CVEs regularly. 

See how easy it is on the CloudWize platform:
