UPDATE: The OpenSSL Project has officially disclosed two high-severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. These CVEs impact all OpenSSL versions after 3.0. The sole exception is version 3.0.7, which contains fixes for those latest vulnerabilities. Previously, these CVEs were thought to be “critical.” Learn more here.
OpenSSL 3.0.7 and “Text4Shell” won’t be the last critical vulnerabilities to plague your development team. Here’s how contextual data, Docker, and Atomist can help you remediate.
Learn more about the CVE-2022-42889, aka “Text4Shell” vulnerability in the “Apache Commons Text” Java library — and how Docker Security Scans identify it.