Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): Describe the issue: Opensearch 2.2.1 has the commons-text version 1.9 which has a security issue. We need to have commons-text version 1.10 as minimum to fix this CVV. We need to have a hotfix for opensearch 2.2.1 with commons-text ve…

if you search in the forum for CVE-2022-42889 you’ll find this post which will show you that OpenSearch is not impacted by this CVE: [image] CVE-2022-42889 by opensearch OpenSearch Hello @speechkey - I spoke with @davelago (SDM, OpenSeach) and he confirmed: Thank you for …

Opensearch - CVE-2022-42889 Apache Commons-Text RCE - opensearch-2.2.1

Security

ralph November 14, 2022, 8:07am 2

if you search in the forum for CVE-2022-42889 you’ll find this post which will show you that OpenSearch is not impacted by this CVE:

1 Like

Topic		Replies	Views
CVE-2022-42889 by opensearch OpenSearch cve , security-issue	5	1028	October 27, 2022
Text4Shell CVE (CVE-2022-42889) detected in OpenSearch Security cve , security-issue	1	1182	November 1, 2022
I Geeting some vulnerability issue in opensearchproject/opensearch:2.8.0 docker Image. Image, OpenSearch releases , cve , security-issue	0	338	June 19, 2023
I Geeting some vulnerability issue in opensearchproject/opensearch:2.8.0 docker Image OpenSearch releases , cve , security-issue	3	523	June 29, 2023
Opensearch v2.2.1 with vulns CVE-2022-24823 CVE-2022-36033 after a Trivy Scan Security cve , security-issue	2	548	September 21, 2022

Opensearch - CVE-2022-42889 Apache Commons-Text RCE - opensearch-2.2.1

Related topics