Text4shell (CVE-2022-42889)
- Risk: High
- Type: Active
- CWE: CWE-117
- Summary
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults. Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The application has been shown to initiate contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).
- Solution
Upgrade Apache Commons Text to version 1.10.0 or newer.
- References
https://nvd.nist.gov/vuln/detail/CVE-2022-42889
https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
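To act on the solution above, the following added example (not part of the original page or of any scanner's code) checks a Maven `pom.xml` for a commons-text dependency older than 1.10.0. The sample POM and the property name `text.version` are constructed for illustration; versions are compared numerically because, as plain strings, "1.9" sorts after "1.10.0".

```python
import re
import xml.etree.ElementTree as ET

FIXED = (1, 10, 0)  # first fixed release named on this page

# Constructed sample pom.xml (not from a real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><text.version>1.9</text.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-text</artifactId>
      <version>${text.version}</version>
    </dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """Turn '1.9' or '1.10.0' into a 3-tuple of ints for numeric comparison."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(version):
    # Compare numerically: as plain strings "1.9" sorts after "1.10.0".
    return parse_version(version) < FIXED

def find_commons_text(pom_xml):
    """Return (declared_version, affected) for each commons-text dependency in a POM."""
    root = ET.fromstring(pom_xml)
    local = lambda el: el.tag.rsplit("}", 1)[-1]  # drop the Maven XML namespace
    props = {local(p): (p.text or "").strip()
             for el in root.iter() if local(el) == "properties" for p in el}
    results = []
    for dep in (el for el in root.iter() if local(el) == "dependency"):
        fields = {local(c): (c.text or "").strip() for c in dep}
        if (fields.get("groupId"), fields.get("artifactId")) != ("org.apache.commons", "commons-text"):
            continue
        version = fields.get("version", "")
        ref = re.fullmatch(r"\$\{(.+)\}", version)
        if ref:  # version given as a ${property} reference
            version = props.get(ref.group(1), "")
        # An unresolved version (managed by a parent POM or BOM) is reported as None.
        results.append((version, is_affected(version) if version else None))
    return results

if __name__ == "__main__":
    for version, affected in find_commons_text(SAMPLE_POM):
        status = "check manually" if affected is None else "AFFECTED" if affected else "ok"
        print(version or "<unresolved>", status)
```

A result of `None` means the version is inherited from a parent POM or BOM and has to be resolved there, for example with the build tool's dependency tree output.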