search cancel

Broadcom API Gateway CVE-2022-42889 Apache Commons Text performs variable interpolation

book

Article ID: 252568

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Apache commons-text library has a newly reported vulnerability CVE-2022-42889. Is the CA API Gateway vulnerable to this?

 

Resolution

API Gateway does not utilize 'commons-text' interpolators for string lookups and is not affected or vulnerable to this exploit. At this time NIST shows "undergoing reanalysis" so if there is any new details we will re-evaluate as required.