Jenkins / JENKINS-69877

CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults


    • 2.13.1

      Problem

      CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults

      git@github.com:jenkinsci/pipeline-utility-steps-plugin.git dependency tree shows:

      master-8e05406396b8c26033fd8f32448354165170b3ca-dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.9:compile
      pipeline-utility-steps-2.13.0.dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.8:compile
      pipeline-utility-steps-2.8.0.dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.8:compile

      all of which appear to be in the range impacted by the CVE.
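A check for the condition the report describes, added here as an example (it is not code from the issue, from Jenkins, or from the pipeline-utility-steps plugin): it scans `mvn dependency:tree` output for org.apache.commons:commons-text and reports every occurrence that sorts before the 1.10.0 release named in the CVE title. The first three sample lines are the ones quoted in the report; the fourth line, the `constructed-fixed-build` file name and all function names are constructed for the example.

```python
import re
from typing import Iterable, List, Tuple

# Apache Commons Text release that fixes CVE-2022-42889 (the issue title says
# versions prior to 1.10.0 are affected).
FIXED_VERSION = (1, 10, 0)

# One line of `mvn dependency:tree` output. Maven coordinates are
# groupId:artifactId:type[:classifier]:version:scope, so anchor on the
# group/artifact and capture the version immediately before the scope.
COMMONS_TEXT_RE = re.compile(
    r"org\.apache\.commons:commons-text:(?:[^:\s]+:)+?"
    r"(?P<version>[0-9][^:\s]*):(?P<scope>[a-z]+)\b"
)

# Constructed sample input: the three lines quoted in the report plus one
# made-up line for a build that is already on the fixed release.
SAMPLE_TREE_LINES = [
    r"master-8e05406396b8c26033fd8f32448354165170b3ca-dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.9:compile",
    r"pipeline-utility-steps-2.13.0.dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.8:compile",
    r"pipeline-utility-steps-2.8.0.dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.8:compile",
    r"constructed-fixed-build.dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.10.0:compile",
]


def parse_version(text: str) -> Tuple[Tuple[int, ...], bool]:
    """Split a Maven version into its numeric components (padded to three)
    and a flag saying whether a qualifier such as -SNAPSHOT or -RC1 follows.

    '1.9'             -> ((1, 9, 0), False)
    '1.10.0-SNAPSHOT' -> ((1, 10, 0), True)
    """
    m = re.match(r"^(\d+(?:\.\d+)*)(.*)$", text)
    if not m:
        raise ValueError(f"not a Maven version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:          # pad so that '1.10' compares equal to '1.10.0'
        parts.append(0)
    return tuple(parts), bool(m.group(2))


def is_vulnerable(version: str) -> bool:
    """True when `version` sorts before the fixed release in Maven's ordering.

    A qualified build of the fixed version (1.10.0-SNAPSHOT, 1.10.0-RC1)
    precedes the release itself, so it is still reported.
    """
    numeric, has_qualifier = parse_version(version)
    if numeric < FIXED_VERSION:
        return True
    return numeric == FIXED_VERSION and has_qualifier


def scan_dependency_tree(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (version, scope, line) for every commons-text occurrence in the
    affected range. Lines for other artifacts are ignored."""
    findings = []
    for line in lines:
        m = COMMONS_TEXT_RE.search(line)
        if m and is_vulnerable(m.group("version")):
            findings.append((m.group("version"), m.group("scope"), line.rstrip()))
    return findings


if __name__ == "__main__":
    import sys

    # With file arguments, scan saved dependency trees; otherwise use the sample.
    lines: List[str] = SAMPLE_TREE_LINES
    if len(sys.argv) > 1:
        lines = []
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8") as fh:
                lines.extend(fh)
    hits = scan_dependency_tree(lines)
    for version, scope, line in hits:
        print(f"commons-text {version} ({scope}) is older than 1.10.0: {line}")
    sys.exit(1 if hits else 0)
```

Run it as `python scan.py *.dependency.tree.txt`; a non-zero exit status means a commons-text older than 1.10.0 was found, which makes the script usable as a CI gate. The scope column is worth reading before filing an issue: a version that appears only at test scope is not packaged into the plugin, whereas every occurrence quoted in this report is at compile scope.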

            rsandell
            pkahn_zscaler (Peter Kahn)
            Votes: 2
            Watchers: 12