CVE-2022-42889 - Text4Shell

CVE-2022-42889 aka Text4Shell is a vulnerability in the popular Java library “Apache Commons Text” which can result in arbitrary code execution when processing malicious input. The versions affected are 1.5-1.9 inclusive.

This component is used in debugging and testing features of CodeSonar's Java/C# analyses.  It is unlikely users have discovered or enabled these testing or debugging features.  Commons Text will be upgraded in CodeSonar 7.2 regardless.  CodeSonar versions other than 7.2 and that are supported will be patched on a need by need basis; inform us if you have a need.

Was this article helpful?
1 out of 1 found this helpful

Articles in this section

White Papers
Read our white papers to find useful information about software development in the IoT era, where devices must not only function with impeccable quality and safety but also remain resilient to cyber-attacks.
Product Sheets
Read our datasheets and company briefs to gain quick insights into our solutions, products, and integrations, including their capabilities, benefits, and supported environments.
TalkSecure
Topics relating to DevSecOps, application security testing (AST), binary analysis, product security, software assurance and others.
X