The Text4Shell vulnerability, tracked under CVE-2022-42889, began drawing potentially malicious activity this week.
Researchers at Wordfence issued a threat advisory urging security teams to update their Apache Commons Text library to the patched version 1.10.0. The team began monitoring Text4Shell, which has been given a CVSS score of 9.8, on Oct. 17, and by Oct. 18 they began seeing attempts to exploit it.
While the threat does have many similarities to last year’s Apache Log4j library bug, Wordfence security researchers say Text4Shell poses less of a threat.
“While the vulnerability itself is similar to last year’s vulnerability CVE-2021-44228 in Apache’s log4j library, the Apache Commons Text library is far less widely used in an unsafe manner and the likelihood of successful exploitation is significantly lower,” the team explained in their latest advisory.