DerScanner
Home / Vulnerability Database / Scala : Text4Shell Vulnerability
Scala

Scala : Text4Shell Vulnerability

Classification

OWASP Top 10 2017
A8-Insecure DeserializationA9-Using Components with Known Vulnerabilities
OWASP Top 10 2021
A6-Vulnerable and Outdated ComponentsA8-Software and Data Integrity Failures
OWASP ASVS
Validation, Sanitization and Encoding
CWE
CWE-94

Overview

Text4Shell is a vulnerability in commons-text, a popular Java library focused on algorithms working on strings, involving the execution of random code.

The application works with data from an unverified source. An attacker can inject malicious content into this data. When the application processes data, that line could cause the vulnerable system to download and run malicious code. As a result, an attacker can potentially get full remote control over the system.

We recommend upgrading to commons-text 1.10.0 and later versions.

References

  1. CVE-2022-42889
  2. Text4Shell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-42889
CRITICAL

DerScanner Severity Score

Do you want to fix Scala : Text4Shell Vulnerability in your application?

See also

Scala

Scala : Unreleased resource stream

Scala

Scala : Multiple loggers in same class

Scala

Scala : Insufficient encryption key length