# [HIGH] Reviewing CVE-2022-42889: The arbitrary code execution vulnerability in Apache Commons Text

**Source:** Snyk
**Published:** 2022-10-18
**Article:** https://snyk.io/blog/reviewing-cve-2022-42889-in-apache-commons-text/

## Threat Profile

Snyk Blog In this article
Written by Brian Vermeer 
October 18, 2022
0 mins read First things first, let’s be clear that this is NOT a new Log4Shell or Spring4Shell vulnerability . Although it is a remote code execution issue, the impact is neither as severe nor as easily exploitable as the issue in Log4j from December 2021.
Similar to the Log4j issue, the essence of the problem is that you can perform a lookup that can then be misused. However, the Log4shell vulnerability was very easy to explo…

## Indicators of Compromise (high-fidelity only)

- **CVE:** `CVE-2022-42889`

## MITRE ATT&CK Techniques

- **T1190** — Exploit Public-Facing Application

## Kill chain phases observed

_(none detected from narrative keywords)_

## Recommended hunts

### IOC-driven hunts (use shared templates)

These are standard IOC-substitution hunts — the canonical SPL and KQL live once in [`_TEMPLATES.md`](../_TEMPLATES.md), so we don't repeat the same boilerplate on every CVE / hash / network-IOC briefing.

- **Asset exposure — vulnerability matches article CVE(s)** ([template](../_TEMPLATES.md#asset-exposure)) — phase: **recon**, confidence: **High**
  - CVE(s): `CVE-2022-42889`


## Why this matters

Severity classified as **HIGH** based on: CVE present, 1 use case(s) fired, 1 technique(s) inferred. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.