Apache Commons Text CVE-2022-42889

mp2 · April 24, 2023, 4:52pm

Hello all,
our EDR reports this vulnerability in the following 3 files:

c:\program files\autopsy-4.20.0\autopsy\solr\server\solr-webapp\webapp\web-inf\lib\commons-text-1.6.jar
c:\program files\autopsy-4.20.0\autopsy\solr\solr\lib\commons-text-1.6.jar
c:\program files\autopsy-4.20.0\autopsy\modules\ext\commons-text-1.9.jar

Since it’s marked a critical CVE I’m curious if I could simply replace those with a newer version, 1.10.0 is available from Apache Commons or we have to wait for a new Autopsy release to address those.

Thank you in advance!

Mark_McKinnon · April 24, 2023, 7:46pm

I would not replace the libraries as they have not been tested with Autopsy and there could be issues with them. I will put this on the list of things that need to be looked at for a future release of Autopsy.

Topic		Replies	Views
Solr 8.1.1.0 + Autopsy 4.11 Autopsy Help	4	1292	July 12, 2019
Autopsy 4.18 cluster solr problem Autopsy Help	3	760	April 22, 2021
Keyword Search: The index could not be opened or does not exist (2023) Autopsy Help	8	1033	January 17, 2023
Run the autopsy report errors: prompt Solr Keyword Search Service Error Autopsy Help	5	3873	January 14, 2020
Solr Error. Cannot open case Autopsy Help	13	3102	April 22, 2020

Apache Commons Text CVE-2022-42889

Related Topics