Hi folks, as I can see, the last versions of opensearch 1 and opensearch 2 contains org.apache.commons.commons-text Java library in version < 1.10.0 which is vulnerable agains NVD - CVE-2022-42889 . Is theare any hotfix? best regards -s

CVE-2022-42889 by opensearch

kris October 24, 2022, 11:49pm 3

Hello @speechkey - I spoke with @davelago (SDM, OpenSeach) and he confirmed: Thank you for your message about the CVEs reported in OpenSearch versions 1 and 2. After a thorough review we have determined these versions are not impacted by CVE-2022-42889.

Text4Shell CVE (CVE-2022-42889) detected in OpenSearch

Opensearch - CVE-2022-42889 Apache Commons-Text RCE - opensearch-2.2.1

Topic		Replies	Views
Opensearch - CVE-2022-42889 Apache Commons-Text RCE - opensearch-2.2.1 Security upgrade , cve	1	518	November 14, 2022
Facing issue with OpenSearch image vulnerabilities OpenSearch cve , security-issue	2	796	January 26, 2023
CVE-2022-21449 - Is OpenSearch affected? Security discuss , cve , security-issue	1	670	April 26, 2022
Does CVE-2021-44228 impact OpenSearch General Feedback cve	9	1661	December 20, 2021
I Geeting some vulnerability issue in opensearchproject/opensearch:2.8.0 docker Image OpenSearch releases , cve , security-issue	3	509	June 29, 2023

CVE-2022-42889 by opensearch

Related topics