Loading...

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Critical
Component/s: apache-httpcomponents-client-4-api-plugin
Labels:
None
Environment:
NA

URL:
https://plugins.jenkins.io/commons-text-api/

Hello,

https://plugins.jenkins.io/commons-text-api/ is using

org.apache.commons.commons-text:1.0.9

which is vulnerable to CVE-2022-42889

Refer https://nakedsecurity.sophos.com/2022/10/18/dangerous-hole-in-apache-commons-text-like-log4shell-all-over-again/

Please upgrade version of org.apache.commons:commons-text to 1.10 to fix the RCE.

duplicates

JENKINS-69877 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults

Closed

Assignee:: Unassigned
Reporter:: Rosan Arya
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: 2022-10-19 06:37
Updated:: 2023-09-09 17:40
Resolved:: 2022-10-19 15:52