{"api_version":"1","generated_at":"2026-04-15T00:20:21+00:00","cve":"CVE-2022-42889","urls":{"html":"https://cve.report/CVE-2022-42889","api":"https://cve.report/api/cve/CVE-2022-42889.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-42889","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-42889"},"summary":{"title":"CVE-2022-42889","description":"Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.","state":"PUBLIC","assigner":"security@apache.org","published_at":"2022-10-13 13:15:00","updated_at":"2024-01-19 16:15:00"},"problem_types":["CWE-94"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Feb/3","name":"20230214 OXAS-ADV-2022-0002: OX App Suite Security Advisory","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: OXAS-ADV-2022-0002: OX App Suite Security Advisory","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html","name":"http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html","refsource":"","tags":[],"title":"Apache Commons Text 1.9 Remote Code Execution ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202301-05","name":"GLSA-202301-05","refsource":"GENTOO","tags":[],"title":"Apache Commons Text: Arbitrary Code Execution (GLSA 202301-05) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022","name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022","refsource":"CONFIRM","tags":[],"title":"Security Advisory","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2022/10/13/4","name":"[oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults","refsource":"MLIST","tags":[],"title":"oss-security - CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE\n when applied to untrusted input due to insecure interpolation defaults","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2022/10/18/1","name":"[oss-security] 20221017 Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults","refsource":"MLIST","tags":[],"title":"oss-security - Re: CVE-2022-42889: Apache Commons Text prior to\n 1.10.0 allows RCE when applied to untrusted input due to insecure\n interpolation defaults","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om","name":"N/A","refsource":"CONFIRM","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html","name":"http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html","refsource":"MISC","tags":[],"title":"OX App Suite Cross Site Scripting / Server-Side Request Forgery ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20221020-0004/","name":"https://security.netapp.com/advisory/ntap-20221020-0004/","refsource":"CONFIRM","tags":[],"title":"CVE-2022-42889 Apache Commons Text Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-42889","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42889","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"42889","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"commons_text","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"juniper","cpe5":"jsa1500","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"juniper","cpe5":"jsa3500","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"juniper","cpe5":"jsa3800","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"juniper","cpe5":"jsa5500","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"juniper","cpe5":"jsa5800","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"juniper","cpe5":"jsa7500","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"juniper","cpe5":"jsa7800","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"juniper","cpe5":"security_threat_response_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"juniper","cpe5":"security_threat_response_manager","cpe6":"7.5.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"juniper","cpe5":"security_threat_response_manager","cpe6":"7.5.0","cpe7":"up1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"juniper","cpe5":"security_threat_response_manager","cpe6":"7.5.0","cpe7":"up2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"juniper","cpe5":"security_threat_response_manager","cpe6":"7.5.0","cpe7":"up3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42889","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"bluexp","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-42889","qid":"150586","title":"Apache Commons Text Remote Code Execution (RCE) Vulnerability (Text4Shell) (CVE-2022-42889)"},{"cve":"CVE-2022-42889","qid":"182611","title":"Debian Security Update for commons-text (CVE-2022-42889)"},{"cve":"CVE-2022-42889","qid":"20317","title":"Oracle Database 21c Critical Patch Update - January 2023"},{"cve":"CVE-2022-42889","qid":"20318","title":"Oracle Database 19c Critical Patch Update - January 2023"},{"cve":"CVE-2022-42889","qid":"20319","title":"Oracle Database 19c Critical OJVM Patch Update - January 2023"},{"cve":"CVE-2022-42889","qid":"241074","title":"Red Hat Update for Satellite 6.12.1 (RHSA-2023:0261)"},{"cve":"CVE-2022-42889","qid":"241326","title":"Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2023:1524)"},{"cve":"CVE-2022-42889","qid":"241340","title":"Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:1655)"},{"cve":"CVE-2022-42889","qid":"241395","title":"Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:1866)"},{"cve":"CVE-2022-42889","qid":"241405","title":"Red Hat Update for Satellite 6.13 (RHSA-2023:2097)"},{"cve":"CVE-2022-42889","qid":"377639","title":"Apache Commons Arbitrary Code Execution (ACE) Vulnerability (Text4Shell) (CVE-2022-42889)"},{"cve":"CVE-2022-42889","qid":"377682","title":"F5 BIG-IP Apache Commons Text Vulnerability (K24823443) (Text4Shell) (CVE-2022-42889)"},{"cve":"CVE-2022-42889","qid":"377701","title":"Apache Commons Arbitrary Code Execution (ACE) Vulnerability (Text4Shell) (CVE-2022-42889) Scan Utility"},{"cve":"CVE-2022-42889","qid":"710697","title":"Gentoo Linux Apache Commons Text Arbitrary Code Execution Vulnerability (GLSA 202301-05)"},{"cve":"CVE-2022-42889","qid":"770183","title":"Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2023:1524)"},{"cve":"CVE-2022-42889","qid":"770184","title":"Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:1655)"},{"cve":"CVE-2022-42889","qid":"770185","title":"Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:1866)"},{"cve":"CVE-2022-42889","qid":"960924","title":"Rocky Linux Security Update for Satellite (RLSA-2023:2097)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2022-42889","STATE":"PUBLIC","TITLE":"Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Commons Text","version":{"version_data":[{"version_affected":">=","version_name":"Apache Commons Text","version_value":"1.5"},{"version_affected":"<=","version_value":"1.9"}]}}]},"vendor_name":"Apache Software Foundation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":[{"other":"important"}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Unexpected variable interpolation"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om","name":"https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"},{"refsource":"MLIST","name":"[oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults","url":"http://www.openwall.com/lists/oss-security/2022/10/13/4"},{"refsource":"MLIST","name":"[oss-security] 20221017 Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults","url":"http://www.openwall.com/lists/oss-security/2022/10/18/1"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20221020-0004/","url":"https://security.netapp.com/advisory/ntap-20221020-0004/"},{"refsource":"CONFIRM","name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022","url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022"},{"refsource":"GENTOO","name":"GLSA-202301-05","url":"https://security.gentoo.org/glsa/202301-05"},{"refsource":"FULLDISC","name":"20230214 OXAS-ADV-2022-0002: OX App Suite Security Advisory","url":"http://seclists.org/fulldisclosure/2023/Feb/3"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html","url":"http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html"}]},"source":{"discovery":"UNKNOWN"},"work_around":[{"lang":"eng","value":"Upgrade to Apache Commons Text 1.10.0."}]},"nvd":{"publishedDate":"2022-10-13 13:15:00","lastModifiedDate":"2024-01-19 16:15:00","problem_types":["CWE-94"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:commons_text:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5","versionEndExcluding":"1.10.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:juniper:security_threat_response_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"7.5.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:-:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:juniper:jsa1500:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:juniper:jsa3500:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:juniper:jsa3800:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:juniper:jsa5500:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:juniper:jsa5800:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:juniper:jsa7500:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:juniper:jsa7800:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}