Opensearch - CVE-2022-42889 Apache Commons-Text RCE - opensearch-2.2.1

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Describe the issue:
Opensearch 2.2.1 has the commons-text version 1.9 which has a security issue.
We need to have commons-text version 1.10 as minimum to fix this CVV.

We need to have a hotfix for opensearch 2.2.1 with commons-text version 1.10.


Relevant Logs or Screenshots:

if you search in the forum for CVE-2022-42889 you’ll find this post which will show you that OpenSearch is not impacted by this CVE:

1 Like