CVE-2022-42889

Description from NVD

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:

- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve dns records
- "url" - load values from urls, including from remote servers

Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
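The pattern the advisory warns about is a StringSubstitutor built from the default interpolator and fed attacker-controlled text. The following is an added example, not code from Apache Commons Text or from this page: it puts that pattern next to an allow-listed replacement that never registers the script, dns or url lookups, whatever library version is on the classpath. It assumes org.apache.commons:commons-text is available; the "conf" prefix, the configuration map and the sample template are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.commons.text.StringSubstitutor;
import org.apache.commons.text.lookup.StringLookup;
import org.apache.commons.text.lookup.StringLookupFactory;

// Added example, not code from Apache Commons Text or from this page.
// Assumes org.apache.commons:commons-text on the classpath; the "conf" prefix,
// the config map and the sample template are constructed for illustration.
public final class InterpolationHardening {

    // The pattern the advisory describes. On 1.5 through 1.9 the default
    // interpolator registers "script" (javax.script), "dns" and "url", so whoever
    // controls `template` gets code execution or outbound requests. On 1.10.0
    // those three are no longer registered and are left unexpanded. Do not call
    // this with untrusted input on any version; it is here for contrast only.
    public static String expandWithDefaults(String template) {
        return StringSubstitutor.createInterpolator().replace(template);
    }

    // Hardened form, independent of the library version: the set of reachable
    // lookups is an explicit allow-list and no version-dependent defaults are added.
    public static String expandAllowListed(String template, Map<String, String> config) {
        Map<String, StringLookup> allowed = new HashMap<>();
        // Values the application itself supplies: safe to expose to a template.
        allowed.put("conf", StringLookupFactory.INSTANCE.mapStringLookup(config));
        // Local and read-only, but it still discloses system properties to whoever
        // writes the template; drop it when templates come from users.
        allowed.put(StringLookupFactory.KEY_SYS,
                StringLookupFactory.INSTANCE.systemPropertyStringLookup());

        // defaultStringLookup = null: an unknown prefix resolves to nothing and the
        // "${...}" text is left in place. addDefaultLookups = false: script/dns/url
        // (and everything else in the default set) are never wired in.
        StringLookup restricted =
                StringLookupFactory.INSTANCE.interpolatorStringLookup(allowed, null, false);

        StringSubstitutor substitutor = new StringSubstitutor(restricted);
        // A resolved value is not scanned again for "${...}", so a config value that
        // itself contains a lookup expression cannot buy a second evaluation pass.
        substitutor.setDisableSubstitutionInValues(true);
        return substitutor.replace(template);
    }

    public static void main(String[] args) {
        Map<String, String> config = new HashMap<>();
        config.put("greeting", "hello");

        // Constructed sample: one legitimate reference followed by the three prefixes
        // named in the advisory. No script engine runs and no network call is made,
        // because the allow-listed substitutor never resolves those prefixes.
        String untrusted = "${conf:greeting} ${script:javascript:1+1}"
                + " ${dns:address|example.com} ${url:UTF-8:http://127.0.0.1/}";

        String out = expandAllowListed(untrusted, config);
        System.out.println(out);

        if (!out.startsWith("hello ")
                || !out.contains("${script:")
                || !out.contains("${dns:")
                || !out.contains("${url:")) {
            throw new IllegalStateException("dangerous prefixes must stay unexpanded: " + out);
        }
    }
}
```

Upgrading to 1.10.0 removes script, dns and url from the default set, but 1.10.0 also lets the default set be re-enabled through the org.apache.commons.text.lookup.StringLookupFactory.defaultStringLookups system property, so code that calls createInterpolator() on untrusted text is still one JVM flag away from the original exposure. An explicit allow-list, as above, does not depend on that setting or on which version a transitive dependency happens to pull in.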

Information Acquisition Date: 2022-11-07T09:42Z
CVSS 2.0: 0.0 None
CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 N/A
     source:CONFIRM
     tags:Mailing List    Vendor Advisory    
 [oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221017 Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
     source:MLIST
     tags:
 https://security.netapp.com/advisory/ntap-20221020-0004/
     source:CONFIRM
     tags:
 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022
     source:CONFIRM
     tags:

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Information: mitre, NVD, vulmon.com, CVE Details, JVN (ENG, JPN)
Exploits or more Information: EXPLOIT DATABASE, 0day.today, github, Twitter, Reconshell

Software Tag: Adobe(1 tweets) Apache(443 tweets) Apple(1 tweets) Cisco(1 tweets) Exchange(2 tweets) Java(89 tweets) Linux(6 tweets) Oracle(2 tweets) PHP(2 tweets) Struts(2 tweets) Windows(11 tweets) Wordpress(16 tweets) iOS(3 tweets)



List of frequently cited URLs

URL  Number of times referred to
https://msrc.microsoft.com/update-guide/vulnerability  62
https://cvetrends.com  49
http://twinybots.ch  26
https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-...  25
https://lists.astaro.com/ASGV9-IPS-rules.html#0  20
https://www.reddit.com/r/netsec  19
https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol...  11
https://thehackernews.com/2022/10/hackers-started-exploitin...  10
https://securityaffairs.co/wordpress/137462/hacking/text4sh...  10
https://github.com/SeanWrightSec/CVE-2022-42889-PoC  9
https://news.ycombinator.com/item?id=33230603  9
https://securitylab.github.com/advisories/GHSL-2022-018_Apa...  9
https://bit.ly/3SuNd6O  7
https://buff.ly/3yRItRP  7
https://blogs.apache.org/security  7
https://www.helpnetsecurity.com/2022/10/19/cve-2022-42889/  7
https://fullhunt.io/blog/2022/10/20/apache-commons-text-rce...  6
https://cyberwatch.fr/cve/cve-2022-42889-text4shell-comment...  6
https://www.docker.com/blog/security-advisory-cve-2022-4288...  6
https://www.tarlogic.com/blog/cve-2022-42889-critical-vulne...  6
http://localhost/text4shell/attack?search=%24%7Bscript%3Aja...  5
https://opsmtrs.com/3fTgB6p  5
https://blog.aquasec.com/cve-2022-42889-text2shell-apache-c...  5
https://www.wordfence.com/blog/2022/10/threat-advisory-moni...  5
https://securitybulldog.com/blog/how-to-find-remediation-in...  5
https://noticiasseguridad.com/vulnerabilidades/vulnerabilid...  5
https://nakedsecurity.sophos.com/2022/10/18/dangerous-hole-...  5
https://codebook.machinarecord.com/23200  5
https://techcommunity.microsoft.com/t5/azure-network-securi...  5
https://sysdig.com/blog/cve-2022-42889-text4shell  4
https://twitter.com/GossiTheDog/status/1581973655453433856  4
http://Betterscan.io  4
http://SecurityWeek.Com  4
https://tweetedtimes.com/seclabor?s=tnp  4
https://www.darkreading.com/application-security/researcher...  4
https://www.redpacketsecurity.com/apache-commons-text-code-...  4
https://dev.to/qainsights/apache-commons-text-cve-2022-4288...  3
https://zpr.io/5pFiWsvhwaTS  3
https://twitch.tv/SeanWrightSec  3
https://socprime.com/blog/detecting-text4shell-cve-2022-428...  3
https://sploitus.com/exploit?id=AF560983-0EB2-544A-AB6D-71D...  3
http://Checkmarx.com  3
https://infosecwriteups.com/text4shell-poc-cve-2022-42889-f...  3
https://www.securityweek.com/critical-apache-commons-text-f...  3
https://securityboulevard.com/2022/10/new-text2shell-rce-vu...  3
https://ipssignatures.appspot.com/?cve=CVE-2022-42889  3
https://singapore.info-teknologi.web.id/2022/10/19/apache-c...  3

▼ Show Information from Twitter(1004)


GitHub Search Results: Up to 10
NameURL
ClickCyber/cve-2022-42889 https://github.com/ClickCyber/cve-2022-42889
SeanWrightSec/CVE-2022-42889-PoC https://github.com/SeanWrightSec/CVE-2022-42889-PoC
kljunowsky/CVE-2022-42889-text4shell https://github.com/kljunowsky/CVE-2022-42889-text4shell
securekomodo/text4shell-scan https://github.com/securekomodo/text4shell-scan
korteke/CVE-2022-42889-POC https://github.com/korteke/CVE-2022-42889-POC
cxzero/CVE-2022-42889-text4shell https://github.com/cxzero/CVE-2022-42889-text4shell
securekomodo/text4shell-poc https://github.com/securekomodo/text4shell-poc
akshayithape-devops/CVE-2022-42889-POC https://github.com/akshayithape-devops/CVE-2022-42889-POC
HKirito/CVE-2022-33980 https://github.com/HKirito/CVE-2022-33980
standb/CVE-2022-42889 https://github.com/standb/CVE-2022-42889

Score (2022/12/02): 2
Added to Har-sia Database: 2022/10/13
Last Modified: 2022/12/02
Highest Scored Date: 2022/10/18
Highest Score: 158