From darkreading.com
![apache website login on mobile phone screen](https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/bltb2a6525bd85db0b9/634dad4559df845cc0dab36f/asf_Piotr_Swat_shutterstock.jpg?quality=80&format=jpg&width=690)
Researchers are closely tracking a critical, newly disclosed vulnerability in Apache Commons Text that gives unauthenticated attackers a way to execute code remotely on servers running applications with the affected component.
The flaw (CVE-2022-42889) has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and exists in versions 1.5 through 1.9 of Apache Commons Text. Proof-of-concept code for the vulnerability is already available, though so far there has been no sign of exploit activity.