This repository contains a simple application using Apache Commons Text < 1.10 which is vulnerable to CVE-2022-42889.

Replace DemoApplication.java nc command by your host ip address.

Listening with netcat:

$ nc -l -p 30000

Build and run docker vulnerable code

docker build . -t vulnerable-app
docker run vulnerable-app

As you can see netcat will be able to execute remote commands