InfoSec News Nuggets 10/19/2022

CVE-2022-42889: Keep Calm and Stop Saying "4Shell"  A previous version of this blog indicated that five JDK versions (JDK 15+) were not impacted due to the exclusion of the Nashorn JavaScript engine. However, an updated PoC came out that uses the JEXL engine as an exploit path. If JEXL is present, the code executes successfully, so this issue can be exploited on any JDK where a relevant engine can be leveraged. CVE-2022-42889, which some have begun calling “Text4Shell,” is a vulnerability in…
Read More