[Information Security Daily]On October 19, 2022, Apache patched a major vulnerability in Commons Text, and a major RCE vulnerability appeared in the penetration testing tool Cobalt Strike.

Apache patched the major vulnerability CVE-2022-42889 at the end of September for its library Commons Text, and issued a warning recently. This vulnerability has attracted the attention of many researchers, but why? Some information security experts pointed out that since many Java projects use this library, the severity is likely to be close to Log4Shell. Penetration testing tool Cobalt Strike recently released an update to patch an RCE vulnerability CVE-2022-42948 caused by an incomplete patch in late September. The software developer said the vulnerability involved the framework used by the tool.