[LIVY-897] Upgrade Commons Text to 1.10.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Critical
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 0.9.0
Component/s: None
Labels:
None

Description

Apache Commons Text versions prior to 1.10.0 are vulnerable to CVE-2022-42889, which involves potential script execution when processing untrusted input using StringLookup. Direct and transitive references to Apache Commons Text prior to 1.10.0 should be upgraded to avoid the default interpolation behavior.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Jason-Morries Adam

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 24/Oct/22 07:08

Updated:: 12/Nov/22 22:21