CVE-2022-42889 Test application

This repository contains a simple application using Apache Commons Text < 1.10 which is vulnerable to CVE-2022-42889.

Running the application

Replace DemoApplication.java nc command by your host ip address.

Listening with netcat:

$ nc -l -p 30000

Build and run docker vulnerable code

docker build . -t vulnerable-app
docker run vulnerable-app

As you can see netcat will be able to execute remote commands

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
src/main		src/main
Dockerfile		Dockerfile
README.md		README.md
mvnw		mvnw
mvnw.cmd		mvnw.cmd
pom.xml		pom.xml