Main Vulnerability Database Vulnerabilities #VU64957

Code Injection in Apache Commons Configuration - CVE-2022-33980

Published: July 6, 2022 / Updated: October 19, 2022

Vulnerability identifier: #VU64957

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2022-33980

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Apache Foundation

Affected software:
Apache Commons Configuration

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2022-33980

Install updates from vendor's website.

Sources

https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s

Code Injection in Apache Commons Configuration - CVE-2022-33980

Detailed vulnerability description

How to mitigate CVE-2022-33980

Sources

Please verify you're human