Customer Portal

Introducing Lumada DataOps Suite

Innovate with Data: Lumada simplifies data management with automation and collaboration.

With Lumada, you can: Gain 360-degree views of your customers, products and assets.

Streamline your business operations and take out cost, and meet stringent compliance demands.

(Resolved) CVE-2022-42889 – Apache Commons Text vulnerability fix ReadMe



The purpose of this document is to provide remediation steps for CVE-2022-42889, a vulnerability that affects Lumada Data Catalog v6.1.1. The vulnerability could potentially allow unauthenticated attackers to execute code remotely on servers running applications with the affected component.


Products Affected 

LDC 6.1.1 - LDC 6.1.1 HF14


Apache Commons text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Starting with version 1.5 and continuing through 1.9, the set of default lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with removed servers if untrusted configuration values are used. Users are recommended to upgrade Apache Commons text 1.10.0, which disables the problematic interpolators by default.

For more information on this CVE, refer to:



Replace the LDC Agent’s copy of Apache Commons Text jar v1.8 with Apache Commons Text v.1.10.0.


Installation Steps
Step 1:
➢ If running, stop the LDC agent:
<Agent Dir>$ bin/agent stop
Step 2:
➢ Remove the Commons-text-1.8.jar from agent dependencies:
$ rm <Agent Dir>/lib/dependencies/commons-text-1.8.jar
Step 3:
➢ Download the upgraded version of Commons-text jar and copy to <Agent Dir>/lib/dependencies/
$ cd <Agent Dir>/lib/dependencies
$ wget
Step 4:
➢ Start the LDC agent
<Agent Dir>$ bin/agent start


Note: Future versions of LDC and its hotfixes will include versions of Apache Commons Text that are not susceptible to the vulnerability documented in CVE-2022-42889. Please follow the Installation Steps to resolve the vulnerability issue in existing instances.