
Data Insight - CVE-2022-42889 vulnerability in Apache Commons Text, dubbed "Text4Shell"

Pix_R
Level 5

Is DI vulnerable to the newly disclosed vulnerability?

This is not log4shell and is a new disclosure.

 

Thank you
Pix

 

 

Accepted Solutions

ManojChanchawat
Level 3
Employee

Data Insight does not use the mentioned module in the Apache Commons Text library. Hence DI is not impacted by this Remote Code Execution (RCE) vulnerability. However, we always recommend customers go with the latest DI version upgrade, as it contains security upgrades and fixes. Please reach out to your support engineer for more details and an official response. 

I often refrain from commenting on the issues here, which have "Open\In-progress" Veritas support cases under investigation, but this was important.

Pix_R
Level 5

Thank you Manoj. I did open a case as I needed an official statement.

I appreciate the quick response.