Opensearch - CVE-2022-42889 Apache Commons-Text RCE - opensearch-2.2.1

Babu · November 11, 2022, 8:20am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Describe the issue:
Opensearch 2.2.1 has the commons-text version 1.9 which has a security issue.
We need to have commons-text version 1.10 as minimum to fix this CVV.

We need to have a hotfix for opensearch 2.2.1 with commons-text version 1.10.

Configuration:

Relevant Logs or Screenshots:

ralph · November 14, 2022, 8:07am

if you search in the forum for CVE-2022-42889 you’ll find this post which will show you that OpenSearch is not impacted by this CVE:

Topic		Replies	Views
Facing issue with OpenSearch image vulnerabilities OpenSearch cve , security-issue	2	673	January 26, 2023
I Geeting some vulnerability issue in opensearchproject/opensearch:2.8.0 docker Image OpenSearch releases , cve , security-issue	3	357	June 29, 2023
Does CVE-2021-44228 impact OpenSearch General Feedback cve	9	1503	December 20, 2021
CVE-2022-21449 - Is OpenSearch affected? Security discuss , cve , security-issue	1	629	April 26, 2022
I Geeting some vulnerability issue in opensearchproject/opensearch-Dashboard:2.8.0 docker Image OpenSearch releases , cve , security-issue	2	266	June 22, 2023

Opensearch - CVE-2022-42889 Apache Commons-Text RCE - opensearch-2.2.1

Related Topics