Endpoint Vulnerability

Apache Commons Text CVE-2022-42889 Code Injection Vulnerability

Description

Apache Commons Text 1.5-1.9 default interpolators (script, dns, url) allow arbitrary code execution or unintended remote server contact when untrusted configuration values are used; upgrade to 1.10.0 to disable them.

Outbreak Alert

A vulnerability on Apache Commons Text library that can allow the attacker to do a Remote Code Execution (RCE) via its interpolation. FortiGuard has added protections throughout the Security Fabric to safeguard its customers from possible attacks.

View the full Outbreak Alert Report

Affected Applications

Apache Commons Text

Version Updates

Date	Version	Status	Detail
2023-08-03	1.00514	New	Apache Commons Text

References

https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

ID	4612
Created	Dec 15, 2022
Description Updated	Jan 16, 2026
CVE ID
Tags	Apache Commons Text RCE Threat Signal
Risk
Coverage	FortiClient
OS	Windows
Vendor	Apache
Patch	manual
Application	Apache Commons Text

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Endpoint Vulnerability

Apache Commons Text CVE-2022-42889 Code Injection Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Endpoint Vulnerability

Apache Commons Text CVE-2022-42889 Code Injection Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Threat Intelligence
Center