Exploit for #VU68307 Code Injection in Apache Commons Text

Vulnerability identifier: #VU68307

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2022-42889

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 25

• March 25, 2025
  • text4shell-exploit (A custom Python-based proof-of-concept (PoC) exploit targeting Text4Shell (CVE-2022-42889), a critical remote code execution vulnerability in Apache Commons Text versions < 1.10.) [Github]
• January 19, 2024
  • Apache Commons Text RCE [Metasploit]
• October 24, 2023
  • Apache-Commons-Text-CVE-2022-42889 (Apache Text4Shell (CVE-2022-42889) Burp Bounty Profile) [Github]
• June 29, 2023
  • CVE-2022-42889-Text4Shell-POC (This repository contains a Python script to automate the process of testing for a vulnerability known as Text4Shell, referenced under the CVE id: CVE-2022-42889. ) [Github]
• March 28, 2023
  • CVE-2022-42889 (CVE-2022-42889 dockerized sample application (Apache Commons Text RCE)) [Github]
• December 11, 2022
  • text4shell-exploit (CVE-2022-42889 - Text4Shell exploit) [Github]
• November 21, 2022
  • Text4shell-exploit (Python Script to exploit RCE of CVE-2022-42889 ) [Github]
• November 7, 2022
  • CVE-2022-42889-PoC (Proof of Concept for CVE-2022-42889 (Text4Shell Vulnerability) ) [Github]
  • CVE-2022-42889-RCE (Proof of Concept for CVE-2022-42889 (Text4Shell Vulnerability) ) [Github]
• November 4, 2022
  • CVE-2022-42889 (CVE-2022-42889 Blind-RCE Nuclei Template) [Github]
• October 29, 2022
  • text4shell-CVE-2022-42889 () [Github]
• October 26, 2022
  • Text4Shell-Scanner (Vulnerability Scanner for CVE-2022-42889 (Text4Shell)) [Github]
• October 25, 2022
  • CVE-2022-42889-text4shell (CVE-2022-42889 aka Text4Shell research & PoC) [Github]
  • CVE-2022-42889 (Text4Shell PoC Exploit ) [Github]
• October 23, 2022
  • CVE-2022-42889-Text4Shell-Exploit-POC (CVE-2022-42889 Text4Shell Exploit POC) [Github]
  • CVE-2022-42889 (python script for CVE-2022-42889) [Github]
  • text4shell-poc (Proof of Concept Appliction for testing CVE-2022-42889) [Github]
  • CVE-2022-42889 (CVE-2022-42889 dockerized sample application (Apache Commons Text RCE)) [Github]
  • CVE-2022-42889-POC (A simple dockerize application that shows how to exploit the CVE-2022-42889 vulnerability.) [Github]
• October 20, 2022
  • cve-2022-42889-intercept (通过 jvm 启动参数 以及 jps pid进行拦截非法参数) [Github]
  • text4shell-scan (A fully automated, accurate, and extensive scanner for finding text4shell RCE CVE-2022-42889) [Github]
• October 19, 2022
  • CVE-2022-42889-POC (A simple application that shows how to exploit the CVE-2022-42889 vulnerability) [Github]
  • CVE-2022-42899 () [Github]
  • text4shell-policy (ClusterImagePolicy demo for cve-2022-42889 text4shell ) [Github]
  • cve-2022-42889-text4shell-docker (Dockerized POC for CVE-2022-42889 Text4Shell) [Github]

Vulnerable software:
Apache Commons Text
Universal components / Libraries / Software for developers

Vendor: Apache Foundation