A recently discovered vulnerability with the Apache Commons Text was reported to Apache. Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
These lookups and their actions are:
- script: execute expressions using the JVM script execution engine (javax.script)
- dns: resolve dns records
- url: load values from urls
The url lookup includes values from remote servers Applications, which can allows for remote code execution or unintentional contact with remote servers if untrusted configuration values are used.
Are there any steps required, or do I need to take any actions to mitigate the Apache Commons Text Vulnerability as reported?
No action is required by cPanel users at this time.
After discussing this vulnerability with our developers and security team it was determined that cPanel/WHM is not affected by this vulnerability, and as such no mitigation steps are required in your cPanel servers.