Mirth Connect uses commons-text-1.8.jar as a helper library and it is vulnerable to “CVE-2022-42889 (Text4Shell Apache Commons Text vulnerability)”. Is there a way to patch this? Any solutions?
The library org.apache.commons:commons-text version 1.8 was detected in Maven library manager located at C:\Program Files\Mirth Connect\manager-lib\commons-text-1.8.jar and is vulnerable to CVE-2022-42889, which exists in versions >= 1.5, < 1.10.0.
The library org.apache.commons:commons-text version 1.8 was detected in Maven library manager located at C:\Program Files\Mirth Connect\cli-lib\commons-text-1.8.jar and is vulnerable to CVE-2022-42889, which exists in versions >= 1.5, < 1.10.0.
The library org.apache.commons:commons-text version 1.8 was detected in Maven library manager located at C:\Program Files\Mirth Connect\.install4j\user\commons-text-1.8.jar and is vulnerable to CVE-2022-42889, which exists in versions >= 1.5, < 1.10.0.
The library org.apache.commons:commons-text version 1.8 was detected in Maven library manager located at C:\Program Files\Mirth Connect\client-lib\commons-text-1.8.jar and is vulnerable to CVE-2022-42889, which exists in versions >= 1.5, < 1.10.0.
The library org.apache.commons:commons-text version 1.8 was detected in Maven library manager located at C:\Program Files\Mirth Connect Administrator Launcher\cache\4.1.1\core\commons-text-1.8.jar and is vulnerable to CVE-2022-42889, which exists in versions >= 1.5, < 1.10.0.
Is it okay to manually download commons-text-1.10 and replace 1.8?
Below is the output from the Wiz security posture tool.
dataurl514556.png