Lucene search
K

156 matches found

RedhatCVE
RedhatCVE
added 2022/10/17 4:42 p.m.1409 views

CVE-2022-42889

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

9.8CVSS4.7AI score0.99931EPSS
Exploits41References6
Veracode
Veracode
added 2022/10/14 6:57 p.m.65 views

Arbitrary Code Execution

Apache Commons Text is vulnerable to Arbitrary Code Execution. The vulnerability exists in the lookup module due to insecure interpolation defaults when untrusted configuration values are used which allows an attacker to inject arbitrary code into the system...

9.8CVSS9.4AI score0.99931EPSS
Exploits41References10Affected Software4
CNVD
CNVD
added 2022/10/14 12:0 a.m.198 views

Apache Commons Text remote code execution vulnerability

Apache Commons Text is a library focused on string algorithms from the Apache Foundation, U.S. A remote code execution vulnerability exists in Apache Commons Text versions 1.5 through 1.9, which is caused by an insecure interpolation default flaw. An attacker could exploit this vulnerability to...

5.5AI score0.99931EPSS
Exploits41Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/13 7:0 p.m.691 views

Arbitrary code execution in Apache Commons Text

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

9.8CVSS9.9AI score0.99931EPSS
Exploits41References13Affected Software2
OSV
OSV
added 2022/10/13 7:0 p.m.7 views

GHSA-599F-7C49-W659 Arbitrary code execution in Apache Commons Text

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

9.8CVSS7.6AI score0.99931EPSS
Exploits41References13
NVD
NVD
added 2022/10/13 1:15 p.m.25 views

CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

9.8CVSS0.99931EPSS
Exploits41References9
ATTACKERKB
ATTACKERKB
added 2022/10/13 1:15 p.m.2 views

CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

9.8CVSS6.3AI score0.99931EPSS
Exploits41References11Affected Software1
OSV
OSV
added 2022/10/13 1:15 p.m.5 views

DEBIAN-CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

9.8CVSS8.3AI score0.99931EPSS
Exploits41References1
Prion
Prion
added 2022/10/13 1:15 p.m.43 views

Design/Logic Flaw

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

7.5CVSS9.9AI score0.99931EPSS
Exploits41References9Affected Software2
OSV
OSV
added 2022/10/13 1:15 p.m.3 views

UBUNTU-CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

9.8CVSS7.5AI score0.99931EPSS
Exploits41References4
OSV
OSV
added 2022/10/13 12:0 a.m.32 views

CVE-2022-42889 Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

9.8CVSS7.4AI score0.99931EPSS
Exploits41References11
CNNVD
CNNVD
added 2022/10/13 12:0 a.m.6 views

Apache Commons Text 代码注入漏洞

Apache Commons Text is a library focused on string algorithms from the Apache Foundation, U.S. A remote code execution vulnerability exists in Apache Commons Text versions 1.5 through 1.9, which is caused by an insecure interpolation default flaw. An attacker could exploit this vulnerability to...

9.8CVSS8.5AI score0.99931EPSS
Exploits41References32
Positive Technologies
Positive Technologies
added 2022/10/13 12:0 a.m.8 views

PT-2022-5052

Name of the Vulnerable Software and Affected Versions Apache Commons Text versions 1.5 through 1.9 Description The issue concerns a vulnerability in Apache Commons Text that allows for variable interpolation, enabling properties to be dynamically evaluated and expanded. The standard format for...

10CVSS9AI score0.99931EPSS
Exploits53References445
Vulnrichment
Vulnrichment
added 2022/10/13 12:0 a.m.26 views

CVE-2022-42889 Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

8.2AI score0.99931EPSS
Exploits41References9
CVE
CVE
added 2022/10/13 12:0 a.m.1065 views

CVE-2022-42889

CVE-2022-42889 affects Apache Commons Text 1.5–1.9 where default interpolation lookups (script, dns, url) can trigger arbitrary code execution or remote access when untrusted values are used. The vulnerability can lead to remote code execution or unintended contact with remote servers via the Str...

9.8CVSS10AI score0.99931EPSS
Exploits41References9Affected Software1
Debian CVE
Debian CVE
added 2022/10/13 12:0 a.m.97 views

CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

9.8CVSS8.8AI score0.99931EPSS
Exploits41
Rows per page
Query Builder