IBM Support

How to resolve Apache Commons Arbitrary Code Execution (ACE) Vulnerability (Text4Shell) (CVE-2022-42889)

How To


Summary

How to resolve Apache Commons Arbitrary Code Execution (ACE) Vulnerability (Text4Shell) (CVE-2022-42889)

Objective

Libraries are impacted by Apache Commons Arbitrary Code Execution (ACE) Vulnerability (Text4Shell) (CVE-2022-42889)

Steps

  • Use the commands below to find all commons-text jar files in use, both indexed on disk and held open by running processes:

    locate -b -e -r '^commons-text.*jar$'
    ls -l /proc/*/fd 2> /dev/null | grep -Eo '\S+/commons-text\S+jar' | sort -u

The above commands detect commons-text<version>.jar files. Versions 1.5 to 1.9 are vulnerable.
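The following added example (not part of the original IBM/StreamSets article) turns the list of jars into a per-file verdict using the 1.5 to 1.9 range stated above. The function names `jar_version`, `classify` and `scan_dir` are hypothetical, and it assumes the version appears either in the file name or in the jar manifest's Implementation-Version field.

```shell
#!/bin/sh
# Added example: flag commons-text jars whose version is 1.5 through 1.9.

# Print the jar's version: taken from the file name when present, otherwise
# (assumption) from Implementation-Version in META-INF/MANIFEST.MF via unzip.
jar_version() {
    ver=$(basename "$1" |
          sed -n 's/^commons-text-\([0-9][0-9.]*[0-9]\).*\.jar$/\1/p')
    if [ -z "$ver" ] && command -v unzip >/dev/null 2>&1; then
        ver=$(unzip -p "$1" META-INF/MANIFEST.MF 2>/dev/null |
              tr -d '\r' | sed -n 's/^Implementation-Version: *//p' | head -n 1)
    fi
    printf '%s\n' "$ver"
}

# Print "vulnerable" for 1.5 through 1.9, "unknown" when no version could be
# determined, and "not-in-range" for anything else (for example 1.10).
classify() {
    ver=$(jar_version "$1")
    case "$ver" in
        '')                    echo "unknown" ;;
        1.[5-9]|1.[5-9][.-]*)  echo "vulnerable" ;;
        *)                     echo "not-in-range" ;;
    esac
}

# Walk a directory tree and print "<verdict><TAB><path>" for each jar found.
scan_dir() {
    find "$1" -type f -name 'commons-text*.jar' 2>/dev/null | sort |
    while IFS= read -r jar; do
        printf '%s\t%s\n' "$(classify "$jar")" "$jar"
    done
}

# When run as a script, scan the directory given as the first argument.
if [ "$#" -gt 0 ]; then
    scan_dir "$1"
fi
```

Jars reported as "unknown" need manual inspection, because a renamed or repackaged jar can hide its version.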

StreamSets recommends upgrading to the latest SDC version, which uses commons-text-1.10 and is not impacted.

NOTE:

If you use any third-party libraries that are impacted by the vulnerability and ship commons-text jars of an impacted version, we recommend that you stop using those libraries and upgrade to versions that use commons-text-1.10.

Document Location

Worldwide


Document Information

Modified date:
16 March 2025

UID

ibm17186349