CVE-2022-42889-PoC

This is Proof of Concept for the vulnerability CVE-2022-42889. This code will run the JavaScript code 195 + 324. If vulnerable the output should be:

Output: 519

In order to run this you will need:

• JDK 11 or above
• Maven

To run this, simply run Maven:

mvn clean install

Am I Vulnerable?

In order for your code to be vulnerable you need to:

• Be running a version of Apache commons-text from version 1.5.0 up to (and not including) 1.10.0
• Using Interpolation for your StringSubstituion (see https://commons.apache.org/proper/commons-text/apidocs/org/apache/commons/text/StringSubstitutor.html)

The fix for this is to update your instances of commons-text to versions 1.10.0 or later.