No Results
Remediation to the Apache Commons Text Vulnerability

October 20, 2022

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. For more information, refer to this page.

edgeCore 4.3.x versions use Commons Text 1.8, whereas 4.4.x versions use Commons Text 1.9.

Take the following steps to replace the above-mentioned older Commons Text libraries with version 1.10.0:

  1. Download commons-text-1.10.0.jar file.
  2. Shutdown edgeCore.
  3. Go to the lib folder of the your edgeCore build (edgeCoreInstallHome/tomcat/webapps/ROOT/WEB-INF/lib).
  4. Delete the older commons-text-<version>.jar from this directory.
  5. Move the downloaded jar file (version 1.10.0) to this directory.
  6. Start edgeCore again.


Terms | Privacy