8 matches found
Security Bulletin: IBM Spectrum Conductor is vulnerable to arbitrary code execution [CVE-2022-42889]
Summary: Apache Commons Text is used by IBM Spectrum Conductor in Spark 3.0.1. This bulletin provides interim fixes which include Apache Commons Text 1.10.0 to fix arbitrary code execution in IBM Spectrum Conductor. CVE-2022-42889. Vulnerability Details: CVEID: CVE-2022-42889. DESCRIPTION: Apache...
apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults
A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...
CVE-2022-42889. Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.
Security Advisory ID: BSA-2022-2096. Component: Apache Commons Text. Revision: 1.1. Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an...
Arbitrary Code Execution
Apache Commons Text is vulnerable to Arbitrary Code Execution. The vulnerability exists in the lookup module due to insecure interpolation defaults when untrusted configuration values are used, which allows an attacker to inject arbitrary code into the system...
Apache Commons Text remote code execution vulnerability
Apache Commons Text is a library focused on string algorithms from the Apache Foundation, U.S. A remote code execution vulnerability exists in Apache Commons Text versions 1.5 through 1.9, which is caused by an insecure interpolation default flaw. An attacker could exploit this vulnerability to...
Apache Commons Text code injection vulnerability
Apache Commons Text is a library focused on string algorithms from the Apache Foundation, U.S. A remote code execution vulnerability exists in Apache Commons Text versions 1.5 through 1.9, which is caused by an insecure interpolation default flaw. An attacker could exploit this vulnerability to...
CVE-2022-42889 Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...
apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults
A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...