QID 377639
Date Published: 2022-10-21
QID 377639: Apache Commons Arbitrary Code Execution (ACE) Vulnerability (Text4Shell) (CVE-2022-42889)
Apache Commons Text is a popular open-source Java library with an "interpolation system" that allows developers to modify, decode, generate, and escape strings based on inputted string lookups. Apache Commons Text is affected by an arbitrary code execution vulnerability dubbed "Text4Shell".
Affected Versions:
Apache Commons Text Versions 1.5 to 1.9
QID Detection: (Authenticated) - Linux
Detection logic executes the "locate -b -e -r '^commons-text.*\.jar$'" and "ls -l /proc/*/fd | grep -Eo '\S+\/commons-text\S+jar' | uniq 2> /dev/null" commands and checks whether vulnerable commons-text jar files are present on the system.
QID Detection: (Authenticated) - MacOS
Detection logic executes the locate and mdfind commands to check for the presence of vulnerable commons-text jar files on a system.
QID Detection: (Authenticated) - AIX
Detection logic executes the find command to check for the presence of vulnerable commons-text jar files on a system.
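The following is an added example, not the scanner's own detection code: a POSIX shell sketch of the version check that has to follow the file search, classifying each commons-text jar path against the affected range given above (1.5 to 1.9). The function names, the sample paths and the assumption that jars keep their Maven-style file name (commons-text-<version>.jar) are all constructed for illustration.

```shell
#!/bin/sh
# Added example: classify commons-text jars by the version in the file name.
# Assumption: Maven-style names, commons-text-<major>.<minor>[.<patch>][-suffix].jar.
# Affected range as stated on this page: 1.5 through 1.9.

commons_text_status() {
    base=${1##*/}                       # drop the directory part
    case $base in
        commons-text-[0-9]*.jar) ;;
        *) echo unknown; return 0 ;;    # no version in the name
    esac
    ver=${base#commons-text-}
    ver=${ver%.jar}
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then echo unknown; return 0; fi   # no minor part
    minor=${rest%%[!0-9]*}              # leading digits of the minor field
    case $major in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    if [ -z "$minor" ]; then echo unknown; return 0; fi
    if [ "$major" -eq 1 ] && [ "$minor" -ge 5 ] && [ "$minor" -le 9 ]; then
        echo vulnerable
    else
        echo not-affected
    fi
}

# Read jar paths on stdin (one per line), de-duplicate, print "<status>\t<path>".
scan_paths() {
    sort -u | while IFS= read -r p; do
        if [ -n "$p" ]; then
            printf '%s\t%s\n' "$(commons_text_status "$p")" "$p"
        fi
    done
}

# Constructed sample paths; on a real Linux host, feed scan_paths from the
# locate command quoted above instead.
scan_paths <<'EOF'
/opt/app/lib/commons-text-1.9.jar
/opt/app/lib/commons-text-1.10.0.jar
/srv/legacy/WEB-INF/lib/commons-text-1.4.jar
/srv/legacy/WEB-INF/lib/commons-text-1.5-SNAPSHOT.jar
/tmp/build/commons-text.jar
EOF
```

A file-name check does not see copies of the library repackaged inside shaded or fat jars, so an "unknown" or empty result is not proof of absence.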
Successful exploitation of this vulnerability could allow an attacker to perform arbitrary code execution.
- Apache Commons Text - lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
CVEs related to QID 377639
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-599f-7c49-w659 | | | |