CVE-2022-42889 in Apache Commons Text and impact on Cassandra 3.11.x

336 Views Asked by zvonkac At 05 April 2025 at 02:57

Can someone help and share information, is there any analysis available to know which Cassandra 3.11.x version is not impacted directly or indirectly by CVE-2022-42889?

Original Q&A

There are 2 best solutions below

Erick Ramirez On 23 October 2022 at 11:16

Apache Cassandra does not use Apache Commons Text so is not affected by the vulnerability reported in CVE-2022-42889 but I'm happy to be corrected if someone has additional information.

For future reference, you should provide background information on why you think a vulnerability applies to a software. You need to specifically provide:

evidence that shows why it applies
details of the analysis you have performed

If you are able to show that you have done some research before asking, others are more likely to help. Cheers!

Soumen Ghosh On 23 October 2022 at 04:47

Version 3.11.13 definitely is not affected by CVE-2022-42889. Have scanned using Grype, Trivy and XRay. It is not appearing in scan result.

CVE-2022-42889 in Apache Commons Text and impact on Cassandra 3.11.x

There are 2 best solutions below

Related Questions in CASSANDRA

Related Questions in CASSANDRA-3.0

Related Questions in APACHE-COMMONS-TEXT

Trending Questions

Popular # Hahtags

Popular Questions