Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.guicedee.services/commons-text@1.1.1.0

Type maven

Namespace com.guicedee.services

Name commons-text

Version 1.1.1.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 62

Latest_non_vulnerable_version 62

Affected_by_vulnerabilities

url VCID-j986-mtma-b3bw

vulnerability_id VCID-j986-mtma-b3bw

summary

Arbitrary code execution in Apache Commons Text
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.

references

reference_url

http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html

reference_url

http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42889

reference_id

reference_type

scores

value	0.94251
scoring_system	epss
scoring_elements	0.99931
published_at	2026-04-18T12:55:00Z

value	0.94251
scoring_system	epss
scoring_elements	0.9993
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42889

reference_url

https://arxiv.org/pdf/2306.05534

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://arxiv.org/pdf/2306.05534

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889

reference_url

http://seclists.org/fulldisclosure/2023/Feb/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://seclists.org/fulldisclosure/2023/Feb/3

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/commons-text

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/commons-text

reference_url

https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42889

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42889

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022

reference_url

https://security.gentoo.org/glsa/202301-05

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://security.gentoo.org/glsa/202301-05

reference_url

https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text

reference_url

https://security.netapp.com/advisory/ntap-20221020-0004

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221020-0004

reference_url

https://security.netapp.com/advisory/ntap-20221020-0004/

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://security.netapp.com/advisory/ntap-20221020-0004/

reference_url

http://www.openwall.com/lists/oss-security/2022/10/13/4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://www.openwall.com/lists/oss-security/2022/10/13/4

reference_url

http://www.openwall.com/lists/oss-security/2022/10/18/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://www.openwall.com/lists/oss-security/2022/10/18/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787
reference_id	1021787
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2135435
reference_id	2135435
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2135435

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py
reference_id	CVE-2022-42889
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py

reference_url

https://github.com/advisories/GHSA-599f-7c49-w659

reference_id

GHSA-599f-7c49-w659

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-599f-7c49-w659

reference_url	https://access.redhat.com/errata/RHSA-2022:8652
reference_id	RHSA-2022:8652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8652

reference_url	https://access.redhat.com/errata/RHSA-2022:8876
reference_id	RHSA-2022:8876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8876

reference_url	https://access.redhat.com/errata/RHSA-2022:8902
reference_id	RHSA-2022:8902
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8902

reference_url	https://access.redhat.com/errata/RHSA-2022:9023
reference_id	RHSA-2022:9023
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9023

reference_url	https://access.redhat.com/errata/RHSA-2023:0261
reference_id	RHSA-2023:0261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0261

reference_url	https://access.redhat.com/errata/RHSA-2023:0469
reference_id	RHSA-2023:0469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0469

reference_url	https://access.redhat.com/errata/RHSA-2023:1006
reference_id	RHSA-2023:1006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1006

reference_url	https://access.redhat.com/errata/RHSA-2023:1524
reference_id	RHSA-2023:1524
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1524

reference_url	https://access.redhat.com/errata/RHSA-2023:1655
reference_id	RHSA-2023:1655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1655

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

reference_url	https://access.redhat.com/errata/RHSA-2023:3195
reference_id	RHSA-2023:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3195

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3299
reference_id	RHSA-2023:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3299

reference_url	https://access.redhat.com/errata/RHSA-2023:6171
reference_id	RHSA-2023:6171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6171

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2025:1746
reference_id	RHSA-2025:1746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1746

reference_url	https://access.redhat.com/errata/RHSA-2025:1747
reference_id	RHSA-2025:1747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1747

fixed_packages

url	pkg:maven/com.guicedee.services/commons-text@62
purl	pkg:maven/com.guicedee.services/commons-text@62
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.guicedee.services/commons-text@62

aliases CVE-2022-42889, GHSA-599f-7c49-w659

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j986-mtma-b3bw

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.guicedee.services/commons-text@1.1.1.0

Package Instance