Critical vulnerability surfaces in Apache Commons Text library

Researchers are tracking a critical vulnerability in the Apache Commons Text library that could enable remote code execution. The vulnerability, which can only be exploited if Java code passes attacker-controlled data to specific library functions, is not expected to be as serious as the Log4j vulnerability disclosed 10 months ago. However, researchers from GreyNoise are aware of proof-of-concept code that triggers the vulnerability in a controlled environment.