Main Vulnerability Database Vulnerabilities #VU68307

Code Injection in Apache Commons Text - CVE-2022-42889

Published: October 14, 2022 / Updated: March 25, 2025

Vulnerability identifier: #VU68307

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2022-42889

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Apache Foundation

Affected software:
Apache Commons Text

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an insecure variable interpolation when processing untrusted input. A remote attacker can send a specially crafted input and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability was dubbed Text4shell.

How to mitigate CVE-2022-42889

Install updates from vendor's website.

Code Injection in Apache Commons Text - CVE-2022-42889

Detailed vulnerability description

How to mitigate CVE-2022-42889

Sources

Please verify you're human