Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html | |
http://seclists.org/fulldisclosure/2023/Feb/3 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2022/10/13/4 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2022/10/18/1 | Mailing List Third Party Advisory |
https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om | Mailing List Vendor Advisory |
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022 | Third Party Advisory |
https://security.gentoo.org/glsa/202301-05 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20221020-0004/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
History
19 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Apr 2023, 16:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:juniper:jsa5500:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:jsa5800:-:*:*:*:*:*:*:* cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up1:*:*:*:*:*:* cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up3:*:*:*:*:*:* cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up2:*:*:*:*:*:* cpe:2.3:h:juniper:jsa7800:-:*:*:*:*:*:*:* cpe:2.3:a:juniper:security_threat_response_manager:*:*:*:*:*:*:*:* cpe:2.3:h:juniper:jsa3500:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:jsa7500:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:jsa1500:-:*:*:*:*:*:*:* cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:h:juniper:jsa3800:-:*:*:*:*:*:*:* |
|
First Time |
Juniper jsa5800
Juniper jsa5500 Juniper jsa3500 Juniper security Threat Response Manager Juniper jsa7800 Juniper Juniper jsa3800 Juniper jsa7500 Juniper jsa1500 |
|
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Feb/3 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html - Third Party Advisory, VDB Entry |
01 Mar 2023, 16:35
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202301-05 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Feb/3 - Third Party Advisory |
15 Feb 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Feb 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jan 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Nov 2022, 02:10
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp
Netapp bluexp |
|
CPE | cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:* | |
References | (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022 - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/10/18/1 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221020-0004/ - Third Party Advisory |
22 Oct 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Oct 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Oct 2022, 15:03
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
First Time |
Apache
Apache commons Text |
|
References | (CONFIRM) https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om - Mailing List, Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/10/13/4 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:apache:commons_text:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
13 Oct 2022, 17:20
Type | Values Removed | Values Added |
---|---|---|
Summary | Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. | |
References |
|
13 Oct 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-13 13:15
Updated : 2024-01-19 16:15
NVD link : CVE-2022-42889
Mitre link : CVE-2022-42889
CVE.ORG link : CVE-2022-42889
JSON object : View
Products Affected
apache
- commons_text
juniper
- security_threat_response_manager
- jsa7500
- jsa3500
- jsa7800
- jsa5500
- jsa1500
- jsa5800
- jsa3800
netapp
- bluexp
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')