CVE-2022-42889 Test application

This repository contains a simple application using Apache Commons Text 1.9 which is vulnerable to CVE-2022-42889.

Running the application

Build and run the application via docker:

docker build . -t vulnerable-app
docker run vulnerable-app

$ docker ps                                 
CONTAINER ID   IMAGE            COMMAND                  CREATED         STATUS         PORTS                                       NAMES
d01d5cf33f60   vulnerable-app   "java -jar demo-0.0.…"   11 seconds ago   Up 11 seconds                                                awesome_brown

$ docker container exec -it d01d5cf33f60 ash
/opt/app # ls /tmp
hsperfdata_root  rce_test

As you can see, the file rce_test exists. Which indicates RCE was succesful.

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commits
.mvn/wrapper		.mvn/wrapper
src/main		src/main
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
mvnw		mvnw
mvnw.cmd		mvnw.cmd
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.mvn/wrapper

.mvn/wrapper

src/main

src/main

.gitignore

.gitignore

Dockerfile

Dockerfile

README.md

README.md

mvnw

mvnw

mvnw.cmd

mvnw.cmd

pom.xml

pom.xml

Repository files navigation

CVE-2022-42889 Test application

Running the application

About

Releases

Packages

Languages

0xst4n/CVE-2022-42889

Folders and files

Latest commit

History

Repository files navigation

CVE-2022-42889 Test application

Running the application

About

Topics

Resources

Stars

Watchers

Forks

Languages