CVE-2022-42889

Description from NVD

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:
- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve dns records
- "url" - load values from urls, including from remote servers
Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.

Information Acquisition Date: 2023-03-13T09:30Z
CVSS 2.0: 0.0 None
CVSS 3.x: 9.8 CRITICAL

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
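To make the description concrete, here is an added example (written for this page; it is not code from NVD, from the Har-sia site or from the Apache Commons Text project) that puts the vulnerable default interpolator beside an explicit allow-list of lookups, which is the version-independent fix. It assumes org.apache.commons:commons-text on the classpath; the class name InterpolationHardening, the "cfg" prefix, the appConfig map and the UNTRUSTED sample string are the example's own inventions.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.commons.text.StringSubstitutor;
import org.apache.commons.text.lookup.StringLookup;
import org.apache.commons.text.lookup.StringLookupFactory;

// Added example, not code from this page or from the Apache Commons Text project.
// Only the Commons Text API calls are real; the class, prefix and sample input are
// hypothetical names chosen for illustration.
public class InterpolationHardening {

    // Constructed untrusted input, e.g. a query-string value. The expression is
    // deliberately benign: it only shows that the "script" prefix reaches javax.script.
    static final String UNTRUSTED = "${script:javascript:1+1}";

    // Vulnerable pattern on 1.5-1.9: createInterpolator() wires in every default
    // lookup, including script, dns and url, so untrusted input is evaluated.
    static String vulnerable(String input) {
        return StringSubstitutor.createInterpolator().replace(input);
    }

    // Hardened pattern, safe on every version: an explicit allow-list of lookups,
    // no fallback lookup (null) and addDefaultLookups=false, so any prefix outside
    // the map, script/dns/url included, is never resolved. Deliberately no env or
    // sys lookup either: with untrusted input those disclose secrets.
    static StringSubstitutor hardened(Map<String, String> appConfig) {
        StringLookupFactory f = StringLookupFactory.INSTANCE;
        Map<String, StringLookup> allowed = new HashMap<>();
        allowed.put("cfg", f.mapStringLookup(appConfig)); // "cfg" is this example's own prefix
        StringLookup interpolator = f.interpolatorStringLookup(allowed, null, false);
        return new StringSubstitutor(interpolator);
    }

    public static void main(String[] args) {
        Map<String, String> cfg = new HashMap<>();
        cfg.put("greeting", "hello");

        StringSubstitutor safe = hardened(cfg);
        // Allowed prefix resolves ("hello world"); the unknown "script" prefix is
        // left in the output verbatim, never evaluated.
        System.out.println(safe.replace("${cfg:greeting} world"));
        System.out.println(safe.replace(UNTRUSTED));

        try {
            // 1.5-1.9 with a JavaScript engine on the JVM: the expression is
            // evaluated and "2" is printed. 1.5-1.9 without an engine: the script
            // lookup throws. 1.10.0: the input is echoed back unchanged.
            System.out.println(vulnerable(UNTRUSTED));
        } catch (RuntimeException e) {
            System.out.println("script lookup present, evaluation failed: " + e.getMessage());
        }
    }
}
```

Two caveats when applying this. First, 1.10.0 disables script, dns and url in the defaults but documents a system property (org.apache.commons.text.lookup.StringLookupFactory.defaultStringLookups) that re-enables them, so an upgrade alone is only as good as the JVM's startup flags; the allow-list above does not depend on that. Second, a review of call sites should look for StringSubstitutor.createInterpolator() and for interpolatorStringLookup(...) called with addDefaultLookups=true, and ask whether any string that reaches them can be influenced by a user.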

NVD References

 N/A (source: CONFIRM; tags: Mailing List, Vendor Advisory)
 [oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults (source: MLIST; tags: Mailing List, Third Party Advisory)
 [oss-security] 20221017 Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults (source: MLIST; tags: Mailing List, Third Party Advisory)
 https://security.netapp.com/advisory/ntap-20221020-0004/ (source: CONFIRM; tags: Third Party Advisory)
 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022 (source: CONFIRM; tags: Third Party Advisory)
 GLSA-202301-05 (source: GENTOO; tags: Third Party Advisory)
 20230214 OXAS-ADV-2022-0002: OX App Suite Security Advisory (source: FULLDISC; tags: Third Party Advisory)
 http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html (source: MISC; tags: Third Party Advisory)

This vulnerability may involve a PoC.


Software Tag: Apache(6 tweets) Java(2 tweets) Oracle(1 tweets)



List of frequently cited URLs

URL    Num of Times Referred to
https://msrc.microsoft.com/update-guide/vulnerability    72
https://cvetrends.com    50
http://twinybots.ch    36
https://www.reddit.com/r/netsec    17
https://lists.astaro.com/ASGV9-IPS-rules.html#0    16
https://securityaffairs.co/wordpress/137462/hacking/text4sh...    10
https://news.ycombinator.com/item?id=33230603    9
https://buff.ly/3yRItRP    6
https://cyberwatch.fr/cve/cve-2022-42889-text4shell-comment...    6
https://www.tarlogic.com/blog/cve-2022-42889-critical-vulne...    6
https://securitylab.github.com/advisories/GHSL-2022-018_Apa...    6
https://github.com/SeanWrightSec/CVE-2022-42889-PoC    5
https://blog.aquasec.com/cve-2022-42889-text2shell-apache-c...    5
https://www.wordfence.com/blog/2022/10/threat-advisory-moni...    5
https://www.darkreading.com/application-security/researcher...    5
https://noticiasseguridad.com/vulnerabilidades/vulnerabilid...    5
https://techcommunity.microsoft.com/t5/azure-network-securi...    5
http://localhost/text4shell/attack?search=%24%7Bscript%3Aja...    4
http://Betterscan.io    4
http://SecurityWeek.Com    4
https://blogs.apache.org/security    4
https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol...    4
https://tweetedtimes.com/seclabor?s=tnp    4
https://thehackernews.com/2022/10/hackers-started-exploitin...    4
https://securityboulevard.com/2022/10/new-text2shell-rce-vu...    4
https://www.redpacketsecurity.com/apache-commons-text-code-...    4
https://bit.ly/3SuNd6O    3
https://dev.to/qainsights/apache-commons-text-cve-2022-4288...    3
https://zpr.io/5pFiWsvhwaTS    3
https://twitch.tv/SeanWrightSec    3
https://sysdig.com/blog/cve-2022-42889-text4shell    3
https://fullhunt.io/blog/2022/10/20/apache-commons-text-rce...    3
https://opsmtrs.com/3fTgB6p    3
https://twitter.com/GossiTheDog/status/1581973655453433856    3
https://socprime.com/blog/detecting-text4shell-cve-2022-428...    3
https://sploitus.com/exploit?id=AF560983-0EB2-544A-AB6D-71D...    3
http://Checkmarx.com    3
https://www.docker.com/blog/security-advisory-cve-2022-4288...    3
https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-...    3
https://infosecwriteups.com/text4shell-poc-cve-2022-42889-f...    3
https://securitybulldog.com/blog/how-to-find-remediation-in...    3
https://www.securityweek.com/critical-apache-commons-text-f...    3
https://www.helpnetsecurity.com/2022/10/19/cve-2022-42889/    3
https://nakedsecurity.sophos.com/2022/10/18/dangerous-hole-...    3
https://ipssignatures.appspot.com/?cve=CVE-2022-42889    3
https://codebook.machinarecord.com/23200    3
https://singapore.info-teknologi.web.id/2022/10/19/apache-c...    3



GitHub Search Results: Up to 10

Name    URL
ClickCyber/cve-2022-42889 https://github.com/ClickCyber/cve-2022-42889
SeanWrightSec/CVE-2022-42889-PoC https://github.com/SeanWrightSec/CVE-2022-42889-PoC
kljunowsky/CVE-2022-42889-text4shell https://github.com/kljunowsky/CVE-2022-42889-text4shell
securekomodo/text4shell-scan https://github.com/securekomodo/text4shell-scan
korteke/CVE-2022-42889-POC https://github.com/korteke/CVE-2022-42889-POC
cxzero/CVE-2022-42889-text4shell https://github.com/cxzero/CVE-2022-42889-text4shell
securekomodo/text4shell-poc https://github.com/securekomodo/text4shell-poc
akshayithape-devops/CVE-2022-42889-POC https://github.com/akshayithape-devops/CVE-2022-42889-POC
HKirito/CVE-2022-33980 https://github.com/HKirito/CVE-2022-33980
standb/CVE-2022-42889 https://github.com/standb/CVE-2022-42889


2023/04/18 Score : 0
Added Har-sia Database : 2022/10/13
Last Modified : 2023/04/18
Highest Scored Date : 2022/10/18
Highest Score : 158