NOMISEC-MendDemo-josh/cve-2022-42889-text4shell

NOMISEC WORKING POC

Exploit for CVE-2022-42889 - Apache Commons Text < 1.10.0 - Code Injection

AI Analysis

This repository contains a functional PoC for CVE-2022-42889 (Text4Shell), demonstrating RCE via Apache Commons Text string interpolation. The exploit leverages the `StringSubstitutor` class to execute arbitrary commands through crafted input.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1190 - Exploit Public-Facing Application

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type remote

Files 8

https://github.com/MendDemo-josh/cve-2022-42889-text4shell

Stars 0

Forks 0

Last Push Dec 21, 2025

Authors

josh MendDemo-josh

Vulnerability

CVE-2022-42889

Apache Commons Text < 1.10.0 - Code Injection

CRITICAL

CVSS 9.8