CVE-2022-42889: Apache Commons Text Vulnerability

katrien.vandenberghe · November 3, 2022, 1:56pm

Hi,

I’ve been looking around your announcements / blogs and couldn’t find a related message, so apologies if I’ve missed it. Can you provide any info on if you are using the vulnerable Apache Commons Text Vulnerability library?
If so are there any mitigations we need to take?

Thanks in advance
Best Regards

Katrien

ty.frith · November 3, 2022, 9:27pm

Hey there @katrien.vandenberghe welcome to the community!

Once alerted to CVE-2022-42889, the Apache Commons Text Vulnerability, Okta Engineering and Security conducted an investigation and confirmed that the Okta service is not currently impacted. This includes the Auth0 service.

Hope this helps to clear up any concern

katrien.vandenberghe · November 7, 2022, 10:01am

Thanks for your reply!

ty.frith · November 7, 2022, 1:44pm

No problem, happy to help!

Topic		Replies	Views
Log4j CVE-2021-44228 Product Feedback security	3	2308	December 22, 2021
Public Disclosure FAQ Archived announcements , faq	3	6335	August 27, 2019
Important - Auth0 Public Disclosure Archived announcements	3	9333	August 27, 2019
Omniauth-auth0 - Vulnerability fix Get Help ruby	7	3410	March 11, 2021
Is Auth0 affected by the recent Okta Oct 2023 breach Get Help security-question-concern , security-compliance	5	1939	December 19, 2023

CVE-2022-42889: Apache Commons Text Vulnerability

Related topics