CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults


    • 2.13.1

      Problem

      CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults

       

      git@github.com:jenkinsci/pipeline-utility-steps-plugin.git dependency tree shows

       

      master-8e05406396b8c26033fd8f32448354165170b3ca-dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.9:compile
      
      pipeline-utility-steps-2.13.0.dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.8:compile
      
      pipeline-utility-steps-2.8.0.dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.8:compile 

      All of which appear to be in the range impacted by the CVE.

       

            Assignee:
            rsandell
            Reporter:
            Peter Kahn
            Archiver:
            Jenkins Service Account
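
The check described in the report, as an added example that is not code from the plugin or from this issue: it scans `mvn dependency:tree` output for commons-text coordinates and compares each version numerically against the 1.10.0 named in the CVE title, since a plain string comparison would rank 1.9 above 1.10.0. The function names and the last sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag commons-text versions older than the fixed release.
FIXED="1.10.0"   # fixed release named in the CVE title

# version_lt A B: succeeds when A < B, comparing dot-separated fields as numbers.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = x[i] + 0; yi = y[i] + 0   # missing field counts as 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                              # equal is not "less than"
    }' </dev/null
}

# scan_tree: read dependency-tree text on stdin, print one verdict per
# commons-text coordinate (groupId:artifactId:type[:classifier]:version:scope).
scan_tree() {
    grep -o 'org\.apache\.commons:commons-text:[^[:space:]]*' |
    while IFS= read -r coord; do
        # The version is always the second-to-last colon-separated field.
        version=$(printf '%s\n' "$coord" | awk -F: '{ print $(NF-1) }')
        if version_lt "$version" "$FIXED"; then
            printf 'AFFECTED %s\n' "$version"
        else
            printf 'ok %s\n' "$version"
        fi
    done
}

# Sample input: the three lines quoted in the report, plus one constructed
# line (patched.txt) showing a version at the fixed release.
sample_tree() {
    cat <<'EOF'
master-8e05406396b8c26033fd8f32448354165170b3ca-dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.9:compile
pipeline-utility-steps-2.13.0.dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.8:compile
pipeline-utility-steps-2.8.0.dependency.tree.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.8:compile
patched.txt:[INFO] |  \- org.apache.commons:commons-text:jar:1.10.0:compile
EOF
}

sample_tree | scan_tree
```

For a real project, pipe the output of `mvn dependency:tree` into `scan_tree` instead of the sample.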
