NOMISEC-shoucheng3/asf__commons-text_CVE-2022-42889_1-9

NOMISEC WORKING POC

Exploit for CVE-2022-42889 - Apache Commons Text < 1.10.0 - Code Injection

AI Analysis

This repository contains a proof-of-concept for CVE-2022-42889, a vulnerability in Apache Commons Text. The exploit leverages the StringSubstitutor class to achieve remote code execution (RCE) via insecure interpolation.

Attack Type

RCE

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1203 - Exploitation for Client Execution

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type poc

Files 222

https://github.com/shoucheng3/asf__commons-text_CVE-2022-42889_1-9

Stars 0

Forks 0

Last Push Aug 20, 2025

Authors

shoucheng3 Apache Software Foundation

Vulnerability

CVE-2022-42889

Apache Commons Text < 1.10.0 - Code Injection

CRITICAL

CVSS 9.8