Text4Shell Remote Code Execution – (CVE-2022-42889)

Severity: Critical

Invicti detected that the application is vulnerable to a remote code execution (RCE) vulnerability which has CVE-2022-42889 number assigned and mainly affects Apache Software Foundation Commons Text from 1.5 to 1.10.0

  • The vulnerability allows attackers to execute arbitrary code on the target systems. The attacker may also be able to execute arbitrary system commands.
  • There is a publicly available exploit of the vulnerability. It should therefore be addressed as soon as possible.


The StringSubstitutor when used with the default interpolators (StringSubstitutor.createInterpolator()) will perform string lookups that may lead to arbitrary code execution. Please disable script interpolation.


Search Vulnerability

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works