What is it?

CVE-2022-42889, aka “Text4Shell”, is a vulnerability in the popular Java library “Apache Commons Text” which can result in arbitrary code execution when processing malicious input. More information can be found in the GitHub advisory or this Apache thread.

What can an attacker do?

If you’re vulnerable, an attacker can inject malicious input containing keywords that trigger:
  1. a DNS request
  2. a call to a remote URL
  3. execution of an inline script
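
A defender-side check for the three triggers listed above, as an added example that is not part of the original page: it scans request log lines for the `${script:`, `${dns:` and `${url:` interpolation markers that Apache Commons Text uses for these lookups, including percent-encoded forms. The log lines are constructed samples, and the function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Lookup prefixes matching the three effects listed above (script, dns, url).
RISKY_PREFIXES = ("script", "dns", "url")
# "${prefix:" marker; matched case-insensitively to be conservative.
PATTERN = re.compile(r"\$\{(" + "|".join(RISKY_PREFIXES) + r"):", re.IGNORECASE)


def normalize(value, max_rounds=3):
    """Undo up to max_rounds of percent-encoding so encoded markers become visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_lookups(value):
    """Return the sorted risky lookup prefixes found in one input string."""
    return sorted({m.group(1).lower() for m in PATTERN.finditer(normalize(value))})


def scan(lines):
    """Yield (line_number, prefixes) for each line containing a risky lookup."""
    for n, line in enumerate(lines, 1):
        hits = find_lookups(line)
        if hits:
            yield n, hits


# Constructed sample request log lines (not from a real system).
SAMPLE_LOG = [
    "GET /search?q=shoes HTTP/1.1",
    "GET /search?q=${dns:host.example.invalid} HTTP/1.1",
    "GET /search?q=%24%7Burl%3AUTF-8%3Ahttp%3A%2F%2Fhost.example.invalid%2F%7D HTTP/1.1",
    "GET /search?q=%2524%257BScript%253Ajavascript%253APLACEHOLDER%257D HTTP/1.1",
    "GET /price?label=${amount} USD HTTP/1.1",  # benign placeholder, no lookup prefix
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: risky lookup prefix(es) {hits}")
```

A hit only shows that such a string reached the application; whether it was interpolated depends on the library version and how the application calls it.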
