apache-commons-text
Safeguard articles tagged "apache-commons-text" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Text4Shell deep dive: how CVE-2022-42889 turned string formatting into RCE
CVSS 9.8. Apache Commons Text 1.5–1.9 ran attacker strings through a script interpolator by default — here's the root cause and the fix.
Text4Shell (CVE-2022-42889) Explained: RCE in Apache Commons Text Interpolation
CVE-2022-42889, Text4Shell, let attackers run code through Apache Commons Text's string interpolation when apps passed untrusted input to StringSubstitutor. Here is the flaw and why it was narrower than feared.
Text4Shell RCE in Apache Commons Text CVE-2022-42889
CVE-2022-42889 (Text4Shell) is a 9.8-severity RCE in Apache Commons Text 1.5-1.9. Learn affected versions, timeline, and remediation steps.
Text4Shell Apache Commons Text RCE (CVE-2022-42889)
A deep dive into CVE-2022-42889 (Text4Shell): the Apache Commons Text RCE, its narrower real-world exploitability versus Log4Shell, and how to remediate it.