Hi All,
I want to know a small info on if Nexus v3.38.1-01 has any affect with CVE-2022-42889
We have verified the source code on github, couldn’t see any library related to org.apache.commons:commons-text so want to get the confirmation on the same.
Welcome to the Community forum where members like you can collaborate with like-minded folks, share their expertise, and support the growing Sonatype Community.
Thanks for your inquiry. We are aware of this dependency vulnerability via our continuous monitoring with Nexus Lifecycle.
We consider all dependency vulnerabilities to be potentially exploitable, and we have already queued them for remediation as a routine part of our development process. For the safety of our customers and users, we don’t disclose specific exploitability of this dependency vulnerability.