Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Critical
Component/s: apache-httpcomponents-client-4-api-plugin
Labels:
- issue-exported-to-github
Environment:
NA

URL:
https://plugins.jenkins.io/commons-text-api/

Hello,

https://plugins.jenkins.io/commons-text-api/ is using

org.apache.commons.commons-text:1.0.9

which is vulnerable to CVE-2022-42889

Refer https://nakedsecurity.sophos.com/2022/10/18/dangerous-hole-in-apache-commons-text-like-log4shell-all-over-again/

Please upgrade version of org.apache.commons:commons-text to 1.10 to fix the RCE.

duplicates

JENKINS-69877 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults

Closed

Assignee:: Unassigned
Reporter:: Rosan Arya

Created:: 2022-10-19 06:37
Updated:: 2025-12-09 12:14
Resolved:: 2022-10-19 15:52
Archived:: 2025-12-09 12:14