You can translate the question and the replies:

Text4shell CVE-2022-42889

Hello, I would like to check if our Denodo V8 is affected by this text4shell vulnerability : CVE-2022-42889. Regards, Marius RAICU
user
28-12-2022 03:29:55 -0500
code

1 Answer

Hi, In general the vulnerability **Text4shell ‘CVE-2022-42889’** affects the StringSubstitutor interpolator class which is included in the third party Apache Common text library from version 1.5 to 1.9. Denodo has performed a detailed analysis of all the uses of the classes of Apache Common Text and has concluded that ** the Denodo Platform 8.0 is not affected by this vulnerability** either on linux or Windows Operating System, regardless if it is using Apache 1.8. Furthermore, the Apache version will be updated from 1.8 to 1.10 in the Denodo future updates. Suppose if you need more information on this and if you are a valid support user then you could raise a support case on [**Denodo Support Site**](https://support.denodo.com/MainPage.do) so that our support team can help you. Hope it helps!
Denodo Team
28-12-2022 07:05:11 -0500
code
You must sign in to add an answer. If you do not have an account, you can register here