We'd like to make you aware of an update pertaining to the security of our systems and your data. Our Tealium security and engineering teams became aware of a critical vulnerability score assessment attached to a widely-used software component (Apache:Commons_Text) CVE-2022-42889.
We immediately investigated the vulnerability and potential exploits and are proud to report that the Tealium codebase and infrastructure are not susceptible to this vulnerability. Tealium does not utilize the function in this code which is vulnerable to attack (interpolators).
Despite not using the vulnerable function, Tealium is actively working to upgrade this component to the latest version (1.10), which disabled the interpolators function completely.
Tealium is data-first and protecting your most valuable asset is of the highest importance to us. We continue to diligently monitor our network and systems for any exploit attempts and will always keep you informed. You can follow this post for continued updates on the issue.
Please don't hesitate to connect with your account team if you have any questions.