codebeamer Application Lifecycle Management (ALM)

Apache Commons Text Packages Vulnerability

Description

CVE-2022-42889

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions expose the variable interpolation feature of Apache Commons Text, through which properties can be defined dynamically at runtime. Server applications are vulnerable to remote code execution (RCE) and to unintended connections to untrusted remote servers.

The flaw does not impact codebeamer services in any codebeamer version. The codebeamer 22.10 (GINA) release will be packaged with the new commons-text-1.10.0.jar file. The release is scheduled for end of October 2022.

Source: CVE-2022-42889.


It is possible to replace the JAR file manually. To do this, perform the following steps:

  1. Download the following file: commons-text-1.10.0.jar
  2. Stop codebeamer.
  3. Locate the commons-text-1.9.jar file and replace it with the commons-text-1.10.0.jar file.
  4. Restart codebeamer.

Replacing the JAR file manually impacts the sorting of the table columns at Microsoft Excel import.
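Before stopping codebeamer (step 2) and again after the restart (step 4), it helps to confirm which commons-text JAR is actually on disk. The script below is an added example, not codebeamer's own tooling: it walks an install tree, parses the version out of each `commons-text-<version>.jar` file name, and flags any version in the affected 1.5 through 1.9 range. The install path is an assumption (pass it as the first argument); the check exits non-zero while an affected JAR is still present, so it can double as a gate in a maintenance script.

```shell
#!/bin/sh
# Added example (not part of the original page or of codebeamer):
# locate commons-text JARs under an install tree and report whether each
# one falls in the range affected by CVE-2022-42889 (1.5 through 1.9).

# is_affected VERSION
#   returns 0 if VERSION is 1.5 .. 1.9 (inclusive), 1 otherwise.
#   Only the major and minor components are compared; "1.9.0" counts as 1.9.
is_affected() {
  major=${1%%.*}          # text before the first dot
  rest=${1#*.}            # text after the first dot
  minor=${rest%%.*}       # second component only
  case "$major" in 1) ;; *) return 1 ;; esac
  case "$minor" in ''|*[!0-9]*) return 1 ;; esac   # reject non-numeric minor
  [ "$minor" -ge 5 ] && [ "$minor" -le 9 ]
}

# scan_jars DIR
#   prints one line per commons-text JAR: "<path> <version> AFFECTED|ok"
#   returns 0 if no affected JAR was found, 1 if at least one was.
#   (Paths containing whitespace are not handled by the word-split loop.)
scan_jars() {
  found=0
  for jar in $(find "$1" -type f -name 'commons-text-*.jar' 2>/dev/null | sort); do
    base=$(basename "$jar" .jar)
    ver=${base#commons-text-}      # e.g. "1.9" or "1.10.0"
    if is_affected "$ver"; then
      echo "$jar $ver AFFECTED"
      found=1
    else
      echo "$jar $ver ok"
    fi
  done
  return $found
}

# Usage: sh check_commons_text.sh /path/to/codebeamer   (path is an assumption)
if [ -n "${1:-}" ]; then
  scan_jars "$1"
fi
```

Run it once before step 2 to see exactly which file step 3 must replace, and once after step 4; a clean tree prints only `ok` lines and exits 0. Because the check relies on the file name, a JAR that was renamed would not be recognised, so keep the upstream `commons-text-1.10.0.jar` name when dropping it in.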