spotbugs/sonar-findbugs

Apache Common Text library - vulnerability

Z000C8UB opened this issue · 2 comments

Issue Description

A critical remote code execution vulnerability, affecting versions 1.5 through 1.9 of Apache Commons Text, was disclosed in mid-October 2022 (CVE-2022-42889).
Are there any plans to upgrade to the suggested Apache Commons Text version 1.10.0 or later?

Environment

| Component | Version |
| --- | --- |
| SonarQube | LTS - 8.9.10 |

Apache Commons Text was upgraded in version 4.2.2, released in October.
You can refer to #680.

Thanks