DerScanner
Home / Vulnerability Database / Java : Text4Shell Vulnerability
Java

Java : Text4Shell Vulnerability

Classification

OWASP Top 10 2017
A8-Insecure DeserializationA9-Using Components with Known Vulnerabilities
OWASP Top 10 2021
A6-Vulnerable and Outdated ComponentsA8-Software and Data Integrity Failures
OWASP ASVS
Validation, Sanitization and Encoding
CWE
CWE-94

Overview

Text4Shell is a vulnerability in commons-text, a popular Java library focused on algorithms working on strings, involving the execution of random code.

The application works with data from an unverified source. An attacker can inject malicious content into this data. When the application processes data, that line could cause the vulnerable system to download and run malicious code. As a result, an attacker can potentially get full remote control over the system.

We recommend upgrading to commons-text 1.10.0 and later versions.

References

  1. CVE-2022-42889
  2. Text4Shell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-42889
CRITICAL

DerScanner Severity Score

Do you want to fix Java : Text4Shell Vulnerability in your application?

See also

Java

Java : Race condition

Java

Java : JNI usage

Java

Java : Null encryption key