Pharos Response to Text2Shell Vulnerability - December 2022

Pharos software is NOT susceptible to the new Text2Shell vulnerability

Background 

Recently, a security vulnerability was discovered inside the Apache tool Text2Shell 

The vulnerability is rated as “Critical” because it allows remote execution of Javascript on application servers.  

The vulnerability exists within versions 1.5 - 1.9 of Text2Shell. Administrators are urged to upgrade to version 1.10. 

Many organizations, including Pharos customers, are urgently investigating where this tool is used and how to update/repair those instances.

Pharos Software and Text2Shell 

Pharos has reviewed all our software, 3rd party tools/libraries, internal infrastructure and cloud infrastructure and can confirm that we do not use the Text2Shell tool anywhere.