
Text4shell (CVE-2022-42889)

  • Risk: High
  • Type: Active

Summary

Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults. Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The application has been shown to initiate contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).

Solution

Upgrade Apache Commons Text to version 1.10.0 or newer.
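
Alongside the upgrade, code that interpolates untrusted text can be limited to an explicit set of variables. The following is an added example, not code from this page or from the Apache Commons Text project; the class name, method names and sample values are assumptions made for illustration.

```java
import java.util.Map;
import org.apache.commons.text.StringSubstitutor;
import org.apache.commons.text.lookup.StringLookup;
import org.apache.commons.text.lookup.StringLookupFactory;

public class SafeInterpolationDemo {

    // The only variables the application intends to expose (constructed sample data).
    private static final Map<String, String> ALLOWED = Map.of(
            "user", "alice",
            "plan", "basic");

    // Pattern to look for in code review: the default interpolator resolves the
    // library's built-in prefixed lookups. On versions before 1.10.0 that default
    // set is what makes untrusted input dangerous.
    static String renderWithDefaults(String untrusted) {
        return StringSubstitutor.createInterpolator().replace(untrusted);
    }

    // Hardened pattern: variables resolve only against ALLOWED. A prefixed
    // expression is treated as an unknown map key and is left in the output
    // as literal text instead of being evaluated.
    static String renderWithAllowList(String untrusted) {
        StringLookup mapOnly = StringLookupFactory.INSTANCE.mapStringLookup(ALLOWED);
        StringSubstitutor substitutor = new StringSubstitutor(mapOnly);
        // Do not expand variables nested inside variable names.
        substitutor.setEnableSubstitutionInVariables(false);
        return substitutor.replace(untrusted);
    }

    public static void main(String[] args) {
        // Constructed input: one allowed variable and one prefixed lookup.
        String input = "Hello ${user}, home is ${env:HOME}";
        System.out.println(renderWithAllowList(input));
    }
}
```

Searching a code base for `StringSubstitutor.createInterpolator()` is a quick way to find call sites that need this review.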

References

https://nvd.nist.gov/vuln/detail/CVE-2022-42889

https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
