Security Research, 2022

CVE-2022-42889 Text4shell Apache Commons Vulnerability

By Assaf Morag

A critical vulnerability in Apache Commons Text (CVE-2022-42889), also known as Text4shell, allows remote code execution. It affects numerous applications that use the Apache Commons Text library, which is widely used across Java applications.

The vulnerability allows attackers to execute arbitrary code by exploiting the library's string interpolation functionality, making it a critical security concern for affected applications.

Impact

  • Remote code execution without authentication
  • Affects applications using Apache Commons Text versions 1.5 through 1.9
  • Requires immediate patching to version 1.10.0 or later
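
To find deployments that fall in the affected range, the following added example (not code from the original post or from the Apache project) inspects a Java archive, including JARs nested inside fat JARs and WARs, and reports each bundled commons-text copy with its version. The function names are hypothetical; the version is read from the Maven `pom.properties` metadata, with the JAR file name as a fallback.

```python
import io
import re
import zipfile

# Maven metadata path inside an unshaded commons-text JAR.
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
NAME_RE = re.compile(r"commons-text-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(text):
    """'1.9' -> (1, 9); returns None when there is no leading numeric version."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group().split(".")) if m else None

def is_affected(version):
    """Range stated on this page: 1.5 through 1.9, fixed in 1.10.0."""
    return version is not None and (1, 5) <= version < (1, 10)

def scan_archive(data, label, depth=0):
    """Return [(location, version, affected)] for every commons-text copy found."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings, version = [], None
    with zf:
        names = zf.namelist()
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(\S+)", props, re.M)
            version = m.group(1) if m else None
        if version is None:  # no Maven metadata: fall back to the file name
            m = NAME_RE.search(label)
            version = m.group(1) if m else None
        if version is not None:
            findings.append((label, version, is_affected(parse_version(version))))
        for name in names:  # fat JARs and WARs carry dependencies as nested archives
            if name.lower().endswith(ARCHIVES) and depth < 4:  # bound the recursion
                findings += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return findings

def make_jar(entries):
    """Build a constructed in-memory archive (sample input for trying the scanner)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

Call `scan_archive(open(path, "rb").read(), path)` on each deployed artifact. A copy that has been shaded or relocated without its Maven metadata and under a different file name will not be reported, so a clean result is not proof of absence.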