Apache Commons Text Vulnerability (CVE-2022-42889)

Canon Medical Systems Security Advisory

Overview:
A security vulnerability affecting Apache Commons Text has been announced. Apache Commons Text is a library focused on algorithms working on strings. A code injection vulnerability exists when the Apache Commons Text library is used under specific conditions.
REF: https://nvd.nist.gov/vuln/detail/CVE-2022-42889

Vulnerability Overview:
In order to exploit the vulnerability, the following conditions must be met.
- Run a version of Apache Commons Text from version 1.5 to 1.9
- Use the “StringSubstitutor” interpolator
If the code injection vulnerability is exploited, it may result in remote code execution.
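To check the first condition on a host, the following added example (not code from Canon Medical Systems or the Apache project) walks a directory tree and reports Apache Commons Text jars in the 1.5 to 1.9 range, including copies bundled inside .jar, .war or .ear archives. It assumes jars keep their Maven-style file name (commons-text-<version>.jar); the function names are hypothetical, and a hit does not show that the “StringSubstitutor” interpolator is actually used.

```python
import io
import re
import zipfile
from pathlib import Path

# Affected range as stated in the advisory: versions 1.5 through 1.9.
AFFECTED_MIN, AFFECTED_MAX = (1, 5), (1, 9)
# Assumption: the jar keeps its Maven-style name; renamed or shaded copies are missed.
JAR_NAME = re.compile(r"(?:^|/)commons-text-(\d+)\.(\d+)(?:\.\d+)*[^/]*\.jar$")
ARCHIVE_EXT = (".jar", ".war", ".ear")

def affected_version(name):
    """Return 'major.minor' if name is a commons-text jar in the affected range."""
    m = JAR_NAME.search(name.replace("\\", "/"))
    if m and AFFECTED_MIN <= (int(m[1]), int(m[2])) <= AFFECTED_MAX:
        return f"{m[1]}.{m[2]}"
    return None

def scan_archive(data, label, depth=0):
    """Yield (location, version) for affected jars nested inside an archive."""
    if depth > 4:  # bound recursion into nested archives
        return
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for info in zf.infolist():
            inner = f"{label}!/{info.filename}"
            version = affected_version(info.filename)
            if version:
                yield inner, version
            elif info.filename.lower().endswith(ARCHIVE_EXT):
                yield from scan_archive(zf.read(info), inner, depth + 1)

def scan_tree(root):
    """Walk root and report affected commons-text jars, on disk or bundled."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or not path.name.lower().endswith(ARCHIVE_EXT):
            continue
        version = affected_version(path.name)
        if version:
            findings.append((str(path), version))
        else:
            findings.extend(scan_archive(path.read_bytes(), str(path)))
    return findings
```

Call scan_tree() with an application or installation directory; each result is a (location, version) pair, with nested locations written as outer!/inner.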

Possible Affected Canon Medical Systems Products:
Canon Medical Systems Corporation is currently investigating whether there is any impact. At this time, no products have been found to use the library in a vulnerable condition. This security advisory will be updated as the investigation continues.

Resolution:
None
