Go-Agent || CVE-2022-42889


Mai M. Khattab

Jul 10, 2023, 11:06:02 AM
to go-cd
Hello There,
Any idea if there is a remediation for (CVE-2022-42889 - Arbitrary code execution in Apache Commons Text · CVE-2022-42889 · GitHub Advisory Database) on (go-agent), please?
I am using go-agent (v23.1) and I found it is using commons-text (v1.9)
Regards,

Chad Wilson

Jul 10, 2023, 11:39:44 AM
to go...@googlegroups.com
Hiya

GoCD has been using commons-text 1.10 (with the issue you refer to fixed) since GoCD 22.3.0: https://github.com/gocd/gocd/commit/293022076385c48c9fb41485b5674fa2e69c29c1

The agent bootstrapper doesn't use commons-text at all, however the agent jar which is dynamically downloaded from the server and matches the server's version does use commons-text. You might want to double check your server is running GoCD version 22.3.0 or later?

-Chad
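
An added example, not part of the thread and not GoCD code: a Python scan that opens a jar, descends into any archives nested inside it, and reports every bundled commons-text copy, flagging versions 1.5 through 1.9 (the range affected by CVE-2022-42889, fixed in 1.10.0). The `lib/` layout built by `sample_agent_jar` is a constructed stand-in and an assumption, not the real agent jar layout.

```python
import io
import re
import sys
import zipfile

# Bundled library file names such as lib/commons-text-1.9.jar
JAR_NAME = re.compile(r"(?:^|/)commons-text-(\d+(?:\.\d+)*)\.jar$")
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"

def is_affected(version):
    """CVE-2022-42889 affects commons-text 1.5 through 1.9; 1.10.0 is fixed."""
    m = re.match(r"(\d+)\.(\d+)", version)
    return bool(m) and (1, 5) <= (int(m.group(1)), int(m.group(2))) <= (1, 9)

def find_commons_text(data, label, depth=0, max_depth=4):
    """Return [(location, version, affected)] for each copy inside the archive bytes."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive (or truncated download): nothing to report
    with archive:
        for name in archive.namelist():
            where = f"{label}!{name}"
            named = JAR_NAME.search(name)
            if named:
                hits.append((where, named.group(1), is_affected(named.group(1))))
            elif name == POM_PROPS:
                # Renamed or shaded copies still carry their Maven metadata.
                props = archive.read(name).decode("utf-8", "replace")
                found = re.search(r"^version=(\S+)", props, re.M)
                if found:
                    hits.append((where, found.group(1), is_affected(found.group(1))))
            elif name.lower().endswith((".jar", ".war", ".zip")) and depth < max_depth:
                hits += find_commons_text(archive.read(name), where, depth + 1, max_depth)
    return hits

def sample_agent_jar(version):
    """Constructed stand-in for an agent jar that bundles lib/commons-text-<version>.jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as outer:
        outer.writestr(f"lib/commons-text-{version}.jar", b"")
    return buf.getvalue()

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for where, version, affected in find_commons_text(fh.read(), path):
                print("AFFECTED" if affected else "ok", version, where)
```

Run it against the agent jar files on the agent host after the agent has connected to the server, since that jar is what the server supplied.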
