CVE-2022-42889-PoC
This is a Proof of Concept for the vulnerability CVE-2022-42889. This code will run the JavaScript code 195 + 324. If vulnerable, the output should be:
Output: 519
In order to run this you will need:
- JDK 11 or above
- Maven
To run this, simply run Maven:
mvn clean install
Am I Vulnerable?
In order for your code to be vulnerable you need to:
- Be running a version of Apache commons-text from version 1.5.0 up to (and not including) 1.10.0
- Be using Interpolation for your StringSubstitution (see https://commons.apache.org/proper/commons-text/apidocs/org/apache/commons/text/StringSubstitutor.html)
The fix for this is to update your instances of commons-text to versions 1.10.0 or later.
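
A way to check the first condition above across a project's resolved dependencies, as an added example that is not part of this PoC repository. It assumes you feed it the text printed by `mvn dependency:list` or `mvn dependency:tree`; the sample output is constructed, and the check covers only the version range, not whether interpolation is used.

```python
import re

# Affected range as stated above: 1.5.0 inclusive up to 1.10.0 exclusive.
FIRST_AFFECTED = (1, 5, 0)
FIRST_FIXED = (1, 10, 0)

# Matches coordinates as printed by Maven's dependency plugin, e.g.
# org.apache.commons:commons-text:jar:1.9:compile (classifier is optional).
COORD = re.compile(
    r"org\.apache\.commons:commons-text:[\w-]+:(?:[A-Za-z][^:\s]*:)?(\d[^:\s]*)"
)


def parse_version(text):
    """Turn '1.9' or '1.10.0' into a 3-tuple of ints; qualifiers are dropped."""
    numeric = re.match(r"\d+(?:\.\d+)*", text).group(0)
    parts = [int(p) for p in numeric.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    # Tuple comparison is numeric, so 1.10.0 sorts after 1.9. A plain string
    # comparison would order them the other way and flag the fixed release.
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED


def scan(maven_output):
    """Return [(version, affected)] for each commons-text coordinate found."""
    return [(v, is_affected(v)) for v in COORD.findall(maven_output)]


# Constructed sample output, not taken from a real build.
SAMPLE = """\
[INFO] com.example:demo:jar:1.0-SNAPSHOT
[INFO] +- org.apache.commons:commons-text:jar:1.9:compile
[INFO] +- org.apache.commons:commons-lang3:jar:3.12.0:compile
[INFO] \\- org.apache.commons:commons-text:jar:1.10.0:runtime
"""

if __name__ == "__main__":
    for version, affected in scan(SAMPLE):
        print(f"commons-text {version}: {'AFFECTED' if affected else 'ok'}")
```

Run it over every module, since commons-text often arrives as a transitive dependency rather than one declared in your own pom.xml.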