CVE-2022-42889 - Text4Shell

CVE-2022-42889 aka Text4Shell is a vulnerability in the popular Java library “Apache Commons Text” which can result in arbitrary code execution when processing malicious input. The versions affected are 1.5-1.9 inclusive.

This component is used in debugging and testing features of CodeSonar's Java/C# analyses.  It is unlikely users have discovered or enabled these testing or debugging features.  Commons Text will be upgraded in CodeSonar 7.2 regardless.  CodeSonar versions other than 7.2 and that are supported will be patched on a need by need basis; inform us if you have a need.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

GrammaTech Resource Library
Welcome to GrammaTech's resource library. Here you will find useful information about software development in the IoT era, where devices must not only function with impeccable quality and safety but also remain resilient to cyber attacks.
Shift Left Academy
Shift Left Academy is an educational resource to help implement a security first approach. Shift Left focuses on finding and preventing defects and security vulnerabilities early in the software development process
Blog
Posts by topic including static analysis, software assurance, and binary analysis