Dangerous hole in Apache Commons Text – like Log4Shell all over again

Java programmers love string interpolation features. If you’re not a coder, you’re probably confused by the word “interpolation” here, because it’s been borrowed as programming jargon where it’s not a very good linguistic fit, but the idea is simple, very powerful, and sometimes spectacularly dangerous.

Read full article on Naked Security

 

