CVE-2022-42889 (Text4Shell)

CVSS v3.1: 9.8 (Critical)
EPSS: 97.10% (100th percentile)
Affected Products: 10
Advisories: 2

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:

- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve DNS records
- "url" - load values from URLs, including from remote servers

Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
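The advisory's recommended fix is the upgrade to 1.10.0. For applications that cannot upgrade immediately, and as a least-privilege default afterwards, the same outcome can be reached by building the interpolator from an explicit allowlist of lookups instead of accepting the library's default set. The example below is added here and is not code from the CVE record or from the Commons Text project; it uses the public StringLookupFactory and StringSubstitutor API of Commons Text 1.5 through 1.10. The class name, the choice of "sys" and "date" as the allowed prefixes, and the constructed sample values are this example's own assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

import org.apache.commons.text.StringSubstitutor;
import org.apache.commons.text.lookup.StringLookup;
import org.apache.commons.text.lookup.StringLookupFactory;

/**
 * Least-privilege interpolation for Commons Text: the interpolator is built from an
 * explicit allowlist, so the "script", "dns" and "url" prefixes named in the advisory
 * are simply unknown to it and are left unresolved. (Class name and allowlist contents
 * are assumptions made for this example.)
 */
public final class HardenedInterpolation {

    /** The three prefixes the advisory lists; used only to flag suspicious input. */
    private static final Pattern ADVISORY_PREFIXES =
        Pattern.compile("\\$\\{\\s*(script|dns|url)\\s*:", Pattern.CASE_INSENSITIVE);

    /** Build a substitutor that resolves only the allowlisted prefixes. */
    public static StringSubstitutor hardenedSubstitutor() {
        Map<String, StringLookup> allowed = new LinkedHashMap<>();
        // Assumed application needs: system properties and date formatting only.
        allowed.put("sys", StringLookupFactory.INSTANCE.systemPropertyStringLookup());
        allowed.put("date", StringLookupFactory.INSTANCE.dateStringLookup());

        // addDefaultLookups=false is the essential setting: with true, the library would
        // merge its own default set (script/dns/url included in 1.5-1.9) into the map.
        StringLookup interpolator = StringLookupFactory.INSTANCE.interpolatorStringLookup(
            allowed, /* defaultStringLookup */ null, /* addDefaultLookups */ false);

        return new StringSubstitutor(interpolator);
    }

    /**
     * Detection helper for input validation or log review: true when a value carries
     * one of the three advisory-listed prefixes. The hardened substitutor leaves unknown
     * prefixes unresolved regardless, so this adds visibility rather than being the control.
     */
    public static boolean mentionsUnsafeLookup(String value) {
        return value != null && ADVISORY_PREFIXES.matcher(value).find();
    }

    public static void main(String[] args) {
        StringSubstitutor safe = hardenedSubstitutor();

        // Constructed sample configuration values; the last two mimic untrusted input.
        String[] samples = {
            "home=${sys:user.home}",
            "built=${date:yyyy-MM-dd}",
            "x=${script:javascript:1+1}",
            "y=${url:UTF-8:http://placeholder.invalid/}"
        };

        for (String s : samples) {
            System.out.printf("%-45s -> %s%s%n",
                s,
                safe.replace(s),
                mentionsUnsafeLookup(s) ? "   [flagged: advisory-listed prefix]" : "");
        }
        // The first two values resolve. The last two come back unchanged: their prefixes
        // are not in the allowlist, so nothing is executed and no network request is made.
    }
}
```

With an unknown prefix and no default lookup, InterpolatorStringLookup returns null and StringSubstitutor leaves the "${...}" text in place, which is the behaviour 1.10.0 gives by default for these three lookups. After upgrading, also confirm that nothing in the deployment re-enables them through the org.apache.commons.text.lookup.StringLookupFactory.defaultStringLookups system property that 1.10.0 introduced for opting back in.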

Weaknesses: CWE-94 Improper Control of Generation of Code ('Code Injection')
Alias:
CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2022-10-13 13:15:10 (23 months ago)
Updated Date: 2024-01-19 16:15:08 (7 months ago)

Affected Products


Configuration #1

  Product                                          CPE23                           From     Up To
  Apache Commons Text (from 1.5, prior to 1.10.0)  cpe:2.3:a:apache:commons_text   >= 1.5   < 1.10.0

Configuration #2

  Product         CPE23                      From   Up To
  NetApp BlueXP   cpe:2.3:a:netapp:bluexp:-  -      -

Configuration #3

AND
  Product                                                      CPE23                                                    Up To
  OR
    Juniper Security Threat Response Manager (prior to 7.5.0)  cpe:2.3:a:juniper:security_threat_response_manager       < 7.5.0
  Running on/with (OR)
    Juniper Security Threat Response Manager 7.5.0             cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:-
    Juniper Security Threat Response Manager 7.5.0 Up1         cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up1
    Juniper Security Threat Response Manager 7.5.0 Up2         cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up2
    Juniper Security Threat Response Manager 7.5.0 Up3         cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up3
    Juniper JSA1500                                            cpe:2.3:h:juniper:jsa1500:-
    Juniper JSA3500                                            cpe:2.3:h:juniper:jsa3500:-
    Juniper JSA3800                                            cpe:2.3:h:juniper:jsa3800:-
    Juniper JSA5500                                            cpe:2.3:h:juniper:jsa5500:-
    Juniper JSA5800                                            cpe:2.3:h:juniper:jsa5800:-
    Juniper JSA7500                                            cpe:2.3:h:juniper:jsa7500:-
    Juniper JSA7800                                            cpe:2.3:h:juniper:jsa7800:-