Apache Commons Text is vulnerable to Arbitrary Code Execution. The vulnerability exists in the lookup module due to insecure interpolation defaults when untrusted configuration values are used which allows an attacker to inject arbitrary code into the system.

CPENameOperatorVersion
apache commons textle1.9
candlepineq4.1.14__1.el8sat
candlepineq4.1.20__1.el8sat
candlepineq4.1.15__1.el8sat
candlepineq4.1.19__2.el8sat
candlepineq4.1.19__1.el8sat
candlepineq4.1.13__1.el8sat
jenkinseq2.346.3.1663600263__1.el8
jenkinseq2.303.3.1637595827__1.el8
jenkinseq2.361.1.1669892772__1.el8

Name	Operator	Version
apache commons text	le	1.9
candlepin	eq	4.1.14__1.el8sat
candlepin	eq	4.1.20__1.el8sat
candlepin	eq	4.1.15__1.el8sat
candlepin	eq	4.1.19__2.el8sat
candlepin	eq	4.1.19__1.el8sat
candlepin	eq	4.1.13__1.el8sat
jenkins	eq	2.346.3.1663600263__1.el8
jenkins	eq	2.303.3.1637595827__1.el8
jenkins	eq	2.361.1.1669892772__1.el8

Rows per page:

1-10 of 2141

References

packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html

seclists.org/fulldisclosure/2023/Feb/3

www.openwall.com/lists/oss-security/2022/10/13/4

www.openwall.com/lists/oss-security/2022/10/18/1

github.com/apache/commons-text/commit/b9b40b903e2d1f9935039803c9852439576780ea

lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022

security.gentoo.org/glsa/202301-05

security.netapp.com/advisory/ntap-20221020-0004/

nessus 27

cve 1

githubexploit 37

malwarebytes 1

ibm 33

f5 1

rapid7blog 3

gentoo 1

redos 1

atlassian 5

cnvd 1

osv 2

openvas 1

paloalto 1

qualysblog 4

github 1

debiancve 1

nvd 1

metasploit 1

ubuntucve 1

redhat 27

packetstorm 1

impervablog 1

checkpoint_advisories 1

zdt 1

prion 1

cvelist 1

redhatcve 1

wallarmlab 2

wordfence 1

fortinet 1

thn 1

hp 1

trellix 2

rocky 1

oracle 4

nessus

Oracle Enterprise Manager Agent (January 2023 CPU)

2024-04-02 00:00:00

Apache Commons Text 1.5.x < 1.10.0 Remote Code Execution (CVE-2022-42889)

2022-10-19 00:00:00

RHEL 8 : OpenShift Container Platform 4.9.59 (RHSA-2023:1524)

2024-04-28 00:00:00

cve

CVE-2022-42889

2022-10-13 13:15:10

githubexploit

Exploit for Code Injection in Apache Commons Text

2023-02-28 00:32:01

Exploit for Code Injection in Apache Commons Text

2022-10-18 09:58:00

Exploit for Code Injection in Apache Commons Text

2022-10-23 13:42:23

malwarebytes

Why Log4Text is not another Log4Shell

2022-10-19 19:00:00

ibm

Security Bulletin: Apache Commons Text as used by IBM QRadar SIEM is vulnerable to code execution [CVE-2022-42889]

2022-11-22 15:43:23

Security Bulletin: IBM UrbanCode Deploy (UCD) Agents on zOS are vulnerable to an arbitrary code execution due to use of Apache Commons Text [CVE-2022-42889]

2022-11-28 14:07:14

Security Bulletin: IBM Synthetic Playback Agent is vulnerable due to its use of Apache Commons Text [CVE-2022-42889]

2022-12-29 06:26:03

K24823443 : Apache Commons Text vulnerability CVE-2022-42889

2022-10-19 00:00:00

rapid7blog

Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)

2022-11-04 13:00:00

CVE-2022-42889: Keep Calm and Stop Saying "4Shell"

2022-10-17 20:36:16

Metasploit Weekly Wrap-Up 01/26/24

2024-01-26 21:12:17

gentoo

Apache Commons Text: Arbitrary Code Execution

2023-01-11 00:00:00

redos

ROS-20230922-01

2023-09-22 00:00:00

atlassian

Upgrade Apache Commons-text to mitigate CVE-2022-42889 (excludes bundled OpenSearch)

2022-10-24 22:35:59

Upgrade Apache Commons-text for CVE-2022-42889

2022-11-10 17:03:03

Upgrade OpenSearch to 1.3.7 to mitigate CVE-2022-42889

2022-12-06 23:56:26

cnvd

Apache Commons Text remote code execution vulnerability

2022-10-14 00:00:00

osv

Arbitrary code execution in Apache Commons Text

2022-10-13 19:00:17

CVE-2022-42889

2022-10-13 13:15:10

openvas

Apache Commons Text 1.5 - 1.9 RCE Vulnerability (Text4Shell)

2022-11-25 00:00:00

paloalto

Impact of Apache Text Commons Vulnerability CVE-2022-42889

2022-11-09 17:00:00

qualysblog

CVE-2022-42889: Detect Text4Shell via Qualys Container Security

2022-10-25 21:55:05

Text4Shell: Detect, Prioritize and Remediate The Risk Across On-premise, Cloud, Container Environment Using Qualys Platform

2022-10-27 17:59:44

The January 2023 Oracle Critical Patch Update

2023-01-18 00:43:03

github

Arbitrary code execution in Apache Commons Text

2022-10-13 19:00:17

debiancve

CVE-2022-42889

2022-10-13 13:15:10

nvd

CVE-2022-42889

2022-10-13 13:15:10

metasploit

Apache Commons Text RCE

2023-12-24 19:13:50

ubuntucve

CVE-2022-42889

2022-10-13 00:00:00

redhat

(RHSA-2023:1524) Critical: OpenShift Container Platform 4.9.59 security update

2023-04-05 23:19:11

(RHSA-2022:8902) Moderate: Red Hat Camel for Spring Boot 3.18.3 release and security update

2022-12-08 13:23:48

(RHSA-2023:0261) Critical: Satellite 6.12.1 Async Security Update

2023-01-18 14:49:14

packetstorm

Apache Commons Text 1.9 Remote Code Execution

2024-01-19 00:00:00

impervablog

Apache Commons Text vulnerability CVE-2022-42889

2022-10-18 18:30:39

checkpoint_advisories

Apache Commons Text Remote Code Execution (CVE-2022-42889)

2022-10-18 00:00:00

zdt

Apache Commons Text 1.9 Remote Code Execution Exploit

2024-01-21 00:00:00

prion

Design/Logic Flaw

2022-10-13 13:15:00

cvelist

CVE-2022-42889 Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults

2022-10-13 00:00:00

redhatcve

CVE-2022-42889

2022-10-17 16:42:02

wallarmlab

New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889

2022-10-18 05:02:38

Q4-2022 API ThreatStats™ Report

2023-02-22 16:02:55

wordfence

Threat Advisory: Monitoring CVE-2022-42889 “Text4Shell” Exploit Attempts

2022-10-20 18:40:50

fortinet

Apache commons_text(CVE-2022-42889) and commons_configuration (CVE-2022-33980) vulnerability

2022-10-28 00:00:00

thn

Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

2022-10-21 11:03:00

Apache Text4Shell and others update for Teradici Cloud Access Connector

2022-12-15 00:00:00

trellix

The Bug Report October 2022 Edition

2022-11-02 00:00:00

The Bug Report October 2022 Edition

2022-11-02 00:00:00

rocky

Satellite 6.13 Release

2023-05-05 15:39:58

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - April 2024

2024-04-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.972 High

EPSS

Percentile

99.8%

JSON

Related for VERACODE:37569