Showing 1 - 6 of 6

CVE-2022-42889

Status Candidate

Overview

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.

Related Files

Red Hat Security Advisory 2023-0469-01: Posted Jan 27, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-0469-01 - Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2022-40149, CVE-2022-40150, CVE-2022-40151, CVE-2022-40152, CVE-2022-40153, CVE-2022-40154, CVE-2022-40155, CVE-2022-40156, CVE-2022-42003, CVE-2022-42004, CVE-2022-42889; SHA-256 | 78de6afc9535fe20cdbc4329849f36770128cfd58b4cbe81608fa281372496ec; Download | Favorite | View

Red Hat Security Advisory 2023-0261-02: Posted Jan 18, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-0261-02 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-32224, CVE-2022-42889; SHA-256 | f0b8a6d8460d61fa4ae9979d110407f1930effd68e878c401f90127a6b9a5027; Download | Favorite | View

Gentoo Linux Security Advisory 202301-05: Posted Jan 11, 2023; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202301-5 - A vulnerability has been discovered in Apache Commons Text which could result in arbitrary code execution. Versions less than 1.10.0 are affected.; tags | advisory, arbitrary, code execution; systems | linux, gentoo; advisories | CVE-2022-42889; SHA-256 | db71108f98463292403fd7c6f94877025ceff307cd04b48feff8fc02a418ecb7; Download | Favorite | View

Red Hat Security Advisory 2022-9023-01: Posted Dec 15, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-9023-01 - This release of Red Hat build of Quarkus 2.13.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include denial of service and remote SQL injection vulnerabilities.; tags | advisory, remote, denial of service, vulnerability, sql injection; systems | linux, redhat; advisories | CVE-2022-31197, CVE-2022-3171, CVE-2022-37734, CVE-2022-4116, CVE-2022-4147, CVE-2022-42003, CVE-2022-42004, CVE-2022-42889; SHA-256 | df6b37e9380bd4d9840f228c66d0517e1bce9318d82620afe02d2b5655495e78; Download | Favorite | View

Red Hat Security Advisory 2022-8902-01: Posted Dec 8, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-8902-01 - This release of Camel for Spring Boot 3.18.3 serves as a replacement for Camel for Spring Boot 3.14.2 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2022-25897, CVE-2022-31684, CVE-2022-42889; SHA-256 | 82726123a48b0a4f3384ba9dcbe543e687280dbbf0db4f130286e5888018f73c; Download | Favorite | View

Red Hat Security Advisory 2022-8876-01: Posted Dec 7, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-8876-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service, protocol; systems | linux, redhat; advisories | CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-42003, CVE-2022-42004, CVE-2022-42889; SHA-256 | dd653c1e0ad52e5524dc257ed3b3491dcdb1dcd93451da4187a377acfe1bde05; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 180 files
Ubuntu 78 files
indoushka 48 files
Debian 29 files
CraCkEr 29 files
Google Security Research 12 files
Apple 9 files
Gentoo 9 files
nu11secur1ty 5 files
Jann Horn 4 files

File Archives

Systems

AIX (426)
Apple (1,945)
BSD (370)
CentOS (55)
Cisco (1,917)
Debian (6,673)
Fedora (1,690)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (337)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (44,655)
Mac OS X (684)
Mandriva (3,105)
NetBSD (255)
OpenBSD (480)
RedHat (12,657)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,287)
UNIX (9,188)
UnixWare (185)
Windows (6,520)
Other

CVE-2022-42889

Overview

Related Files

File Archive:

February 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems