CVE-2022-42889 effect on Nexus OSS

Hi All,
I would like a small piece of information: is Nexus v3.38.1-01 affected by CVE-2022-42889?

We have verified the source code on GitHub and couldn't see any library related to org.apache.commons:commons-text, so we want to get confirmation of the same.

Nexus OSS version: v3.38.1-01

Hi Sandeep,

Welcome to the Community forum where members like you can collaborate with like-minded folks, share their expertise, and support the growing Sonatype Community.

Thanks for your inquiry. We are aware of this dependency vulnerability via our continuous monitoring with Nexus Lifecycle.

We consider all dependency vulnerabilities to be potentially exploitable, and we have already queued them for remediation as a routine part of our development process. For the safety of our customers and users, we don’t disclose specific exploitability of this dependency vulnerability.

For more information on our processes, please see Repository Security Vulnerabilities.

You can subscribe to announcements of new releases and fixes for verified exploitable vulnerabilities via the Nexus Repository Pro announcements Google group.