Curated articles, resources, tips and trends from the DevOps World.
Summary: This is a summary of an article originally published by the source.
CVE-2022-42889, aka “Text4Shell”, is a vulnerability in the popular Java library Apache Commons Text (versions 1.5 through 1.9) which can result in arbitrary code execution when processing malicious input. The flaw is in the library's string interpolation feature (StringSubstitutor), whose default set of lookups includes three dangerous mechanisms: script, dns and url. When attacker-controlled input such as ${script:javascript:...} reaches the interpolator, these three lookups are evaluated on the server and can execute arbitrary scripts, resolve DNS names, or pull content from external URLs. The issue is fixed in Apache Commons Text 1.10.0, which no longer enables those three lookups by default.
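As an added example (not code from the original article or from Docker), the following Java program shows the vulnerable usage pattern beside a hardened one. It assumes Apache Commons Text 1.9 on the classpath (Maven coordinates org.apache.commons:commons-text:1.9) and a JDK that ships a JSR-223 JavaScript engine (Nashorn, JDK 14 or earlier; on newer JDKs the vulnerable path throws "No script engine named javascript" unless an engine such as GraalJS is added). The payload string and the "app:name" lookup are constructed for the demo.

```java
import java.util.Map;

import org.apache.commons.text.StringSubstitutor;
import org.apache.commons.text.lookup.StringLookup;
import org.apache.commons.text.lookup.StringLookupFactory;

public class Text4ShellDemo {

    // Constructed sample of attacker-controlled input. The "script" lookup hands the
    // text after the second colon to the JVM's JavaScript engine; a real payload
    // would call java.lang.Runtime.getRuntime().exec(...) instead of a property read.
    static final String PAYLOAD =
        "Hello ${script:javascript:java.lang.System.getProperty('java.version')}";

    // Benign input that a legitimate caller might expect to template.
    static final String BENIGN = "Hello ${app:name}";

    // VULNERABLE (Commons Text 1.5 to 1.9): the default interpolator registers the
    // script, dns and url lookups, so any "${prefix:...}" in untrusted input is
    // evaluated on the server. On 1.5 to 1.7, before createInterpolator() existed,
    // the equivalent is new StringSubstitutor(StringLookupFactory.INSTANCE.interpolatorStringLookup()).
    static String vulnerable(String untrusted) {
        return StringSubstitutor.createInterpolator().replace(untrusted);
    }

    // HARDENED: build the interpolator with an explicit allow-list of lookups and
    // addDefaultLookups=false, so script/dns/url are never registered. An unknown
    // prefix resolves to null and the placeholder is left in the output untouched.
    // This mirrors what 1.10.0 does by default; upgrading is still the real fix.
    static String hardened(String untrusted) {
        StringLookupFactory factory = StringLookupFactory.INSTANCE;
        StringLookup allowed = factory.interpolatorStringLookup(
                // hypothetical application-provided values exposed under the "app" prefix
                Map.of("app", factory.mapStringLookup(Map.of("name", "demo"))),
                null,    // no default lookup for unprefixed "${x}" variables
                false);  // do NOT add the built-in lookups (script, dns, url, ...)
        return new StringSubstitutor(allowed).replace(untrusted);
    }

    public static void main(String[] args) {
        // Vulnerable path: the script runs and the JVM version string is interpolated.
        System.out.println("vulnerable: " + vulnerable(PAYLOAD));
        // Hardened path: "${script:...}" survives verbatim, "${app:name}" still resolves.
        System.out.println("hardened:   " + hardened(PAYLOAD));   // Hello ${script:...} unchanged
        System.out.println("hardened:   " + hardened(BENIGN));    // Hello demo
    }
}
```

The same allow-list blocks the other two default lookups the advisory names, which would otherwise let input like ${dns:address|attacker.example} make the server resolve a hostname, or ${url:UTF-8:https://attacker.example/x} make it fetch a remote resource. If untrusted text never needs templating at all, do not pass it through StringSubstitutor in the first place; treat it as data, not as a template.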
Docker vulnerability scanning tools, including the docker scan CLI and Docker Hub vulnerability scanning (https://docs.docker.com/docker-hub/vulnerability-scanning/), both powered by Snyk, will detect the presence of vulnerable versions of the library and flag your image as vulnerable.
As of 12:00 UTC on 21 October 2022, Docker Hub identifies the Text4Shell vulnerability and badges any image it finds to be vulnerable.
A number of the Docker Official images do contain the vulnerable versions of Apache Commons Text.