CVE-2022-42889 in Apache Commons Text and impact on Cassandra 3.11.x

336 Views Asked by At

Can someone help and share information, is there any analysis available to know which Cassandra 3.11.x version is not impacted directly or indirectly by CVE-2022-42889?

2

There are 2 best solutions below

0
On

Apache Cassandra does not use Apache Commons Text so is not affected by the vulnerability reported in CVE-2022-42889 but I'm happy to be corrected if someone has additional information.

For future reference, you should provide background information on why you think a vulnerability applies to a software. You need to specifically provide:

  • evidence that shows why it applies
  • details of the analysis you have performed

If you are able to show that you have done some research before asking, others are more likely to help. Cheers!

0
On

Version 3.11.13 definitely is not affected by CVE-2022-42889. Have scanned using Grype, Trivy and XRay. It is not appearing in scan result.