Sign Live! CC v7.1.12 and older use the commons-text library version 1.9, for which the vulnerability CVE-2022-42889 was published.
Despite the high rating, there is no risk for you, as the library is only parameterized internally within the application and never comes into contact with external inputs. Exploitation of the vulnerability by an attacker outside the system can therefore be ruled out.
The library is expected to be updated by the end of 2024 as part of a Sign Live! CC release.
Published to
September 17, 2024