  1. Apache NiFi
  2. NIFI-10648

Upgrade Commons Text to 1.10.0


Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.19.0
    • Component/s: None
    • Labels: None

    Description

      Apache Commons Text versions prior to 1.10.0 are vulnerable to CVE-2022-42889, which involves potential script execution when processing untrusted input using StringLookup. Direct and transitive references to Apache Commons Text prior to 1.10.0 should be upgraded to avoid the default interpolation behavior.
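
One way to locate the direct and transitive references the description asks to upgrade, as an added example that is not part of the issue or of the NiFi code base. It assumes the text output of Maven's `dependency:tree` goal; the sample tree and the `com.example` / `org.example` artifacts are constructed.

```python
import re

FIXED = (1, 10, 0)  # Commons Text release the issue upgrades to
TARGET = ("org.apache.commons", "commons-text")

# Constructed sample of `mvn dependency:tree` output (not from a real build).
SAMPLE_TREE = r"""
[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- org.apache.commons:commons-text:jar:1.9:compile
[INFO] +- org.example:templating:jar:2.3.1:compile
[INFO] |  \- org.apache.commons:commons-text:jar:1.8:compile
[INFO] +- org.example:reporting:jar:4.0.0:compile
[INFO] |  \- org.apache.commons:commons-text:jar:1.10.0:compile
[INFO] \- org.apache.commons:commons-lang3:jar:3.12.0:compile
"""

# Each tree level is drawn with one 3-character unit: "+- ", "\- ", "|  " or "   ".
LINE = re.compile(r"^\[INFO\] (?P<indent>(?:[|+\\ ][ -] )*)(?P<coords>\S+)$")


def parse_version(text):
    """Map '1.9' -> (1, 9, 0) so 1.9 sorts below 1.10.0 (string comparison gets this wrong)."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def find_vulnerable(tree_text):
    """Return (kind, version) for every commons-text reference older than FIXED."""
    findings = []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        depth = len(m.group("indent")) // 3
        parts = m.group("coords").split(":")
        if depth == 0 or len(parts) < 5 or tuple(parts[:2]) != TARGET:
            continue  # skip the project root and unrelated artifacts
        version = parts[-2]  # group:artifact:type[:classifier]:version:scope
        if parse_version(version) < FIXED:
            findings.append(("direct" if depth == 1 else "transitive", version))
    return findings


if __name__ == "__main__":
    for kind, version in find_vulnerable(SAMPLE_TREE):
        print(f"commons-text {version} ({kind}) is below 1.10.0")
```
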


            People

              Assignee: David Handermann (exceptionfactory)
              Reporter: David Handermann (exceptionfactory)

                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 1h