CVE-2022-42889 - Text4Shell

CVE-2022-42889, also known as Text4Shell, is a vulnerability in the popular Java library “Apache Commons Text” that can result in arbitrary code execution when the library processes malicious input. The affected versions are 1.5 through 1.9 inclusive.

This component is used in debugging and testing features of CodeSonar's Java/C# analyses. It is unlikely that users have discovered or enabled these testing or debugging features. Commons Text will be upgraded in CodeSonar 7.2 regardless. Supported CodeSonar versions other than 7.2 will be patched as needed; inform us if you have a need.
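
To check an installation for the affected versions listed above, the following added example (not GrammaTech or Apache code) walks a directory tree, looks inside JAR/WAR/EAR files including nested ones, and reports Commons Text copies in the 1.5-1.9 range. It assumes the version can be read from the JAR's Maven `pom.properties` or, failing that, from a `commons-text-<version>.jar` file name; the function names are illustrative.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Affected range as stated on this page: 1.5 through 1.9 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (1, 5), (1, 9)
# Assumption: the JAR carries the Maven metadata normally shipped with Commons Text.
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
JAR_NAME = re.compile(r"commons-text-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")

def is_affected(version):
    """True if a dotted version string falls within 1.5-1.9 inclusive."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:2])
    return AFFECTED_MIN <= parts + (0,) * (2 - len(parts)) <= AFFECTED_MAX

def scan_archive(data, label):
    """Yield (location, version) for each Commons Text copy, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    own = None
    with zf:
        for name in zf.namelist():
            if name.endswith(POM_PROPS):  # metadata survives a renamed JAR
                m = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                own = m.group(1).strip() if m else own
            elif name.lower().endswith(ARCHIVES):  # e.g. BOOT-INF/lib/*.jar in a fat JAR
                yield from scan_archive(zf.read(name), f"{label}!/{name}")
    if own is None:  # no Maven metadata: fall back to the file name
        m = JAR_NAME.search(label)
        own = m.group(1) if m else None
    if own is not None:
        yield label, own

def find_affected(root):
    """Return sorted (location, version) pairs under root that are in the affected range."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            hits += [h for h in scan_archive(path.read_bytes(), str(path)) if is_affected(h[1])]
    return sorted(hits)

if __name__ == "__main__":
    for location, version in find_affected(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"AFFECTED commons-text {version}: {location}")
```

Run it with the installation directory as the only argument; each reported location uses `outer.jar!/inner.jar` notation for nested archives.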
