Skip to main content
Matrix42 Self-Service Help Center

CVE-2022-42889: Apache Commons Text RCE when applied to untrusted input - Text4Shell


CVE                  CVE-2022-42889
CWE                CWE-94 - Improper Control of Generation of Code ('Code Injection')
CVSS v3.x    9.8 - Critical

In this article we would like to inform you about the critical vulnerability in the popular library Apache Commons Text (also known as Text4Shell) and its use in Matrix42 products. Apache Commons Text is a library focused on algorithms working on strings. This vulnerability affects all versions between 1.5 and 1.9. A fix is available for the current Apache Commons Text version 1.10.

Matrix42 products affected by the Apache Commons Text vulnerability

Apache Commons Text is not used in Matrix42 products.

Component Matrix42 Risk evaluation Required Actions/Recommendations Note Fixed Version Mitigation







Next Steps

Matrix42 will continue to provide updates as necessary in this document.


Update 1 (2022-11-09)
Matrix42 products are not affected by this vulnerability because they don't use Apache Commons Text.

Change log

Date Description of change
2022-11-03 Initial publication
2022-11-09 Update 1 - Matrix42 products not affected