(As of November 14, 2022, via the Wowza Streaming Engine Product Owner)
After extensive investigation of the CVE as currently written, we have found that CVE-2022-42889 does not impact the Wowza Streaming Engine. We are continuing to monitor the CVE as it is currently “UNDERGOING REANALYSIS”. We will review further once they’ve posted updates on their findings.
To proactively mitigate any concerns ensure each “live application” has source authentication enabled (it is configured this way by default). We outline the process here:https://www.wowza.com/docs/how-to-enable-username-password-authentication-for-rtmp-and-rtsp-publishing#configure-source-authentication-for-the-server0
Moving forward, to mitigate security scans reporting this Wowza plans to integrate the updated Apache Commons Text component 1.10 in the next Wowza Streaming Engine release in early 2023.