Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-69887

CVE-2022-42889 in commons-text-api Jenkins Plugin

    XMLWordPrintable

Details

    Description

      Hello,

       

      https://plugins.jenkins.io/commons-text-api/ is using

      org.apache.commons.commons-text:1.0.9 

      which is vulnerable to CVE-2022-42889

      Refer https://nakedsecurity.sophos.com/2022/10/18/dangerous-hole-in-apache-commons-text-like-log4shell-all-over-again/

       

      Please upgrade version of org.apache.commons:commons-text to 1.10 to fix the RCE.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-69877 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              Unassigned Unassigned
              rosanarya Rosan Arya
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: