search cancel

CVE-2022-42889 - Continuous Delivery Director

book

Article ID: 252613

calendar_today

Updated On:

Products

Continuous Delivery Director Continuous Delivery Director SAAS

Issue/Introduction

CVE-2022-42889 was published in the National Vulnerability Database on 13 October, 2022.  More information can be found here

The vulnerability is caused with the use of Apache Commons Text 1.5 through 1.9.  Is Continuous Delivery Director impacted by this? 

 

Environment

Continuous Delivery Directory v8.4

Cause

Third Party Vulnerability

Resolution

Broadcom Engineering team has analyzed this vulnerability and found that the following Continuous Delivery Director components listed below are impacted by it.

Fixes for these impacted components are expected by the end of next week (2022-10-28). 

 

Components Impacted:

  • Continuous Delivery Director SaaS: Update will be implemented on Nov. 30th. 
  • Continuous Delivery Director on-premise: Update is available by contacting technical support. 
  • Playwright Plugin: Update available here: https://cddirector.io/plugins/
  • Email Plugin: Update available here: https://cddirector.io/plugins/