# CVE-2022-42889 Test application

This repository contains a simple application using Apache Commons Text 1.9 which is vulnerable to CVE-2022-42889.

## Running the application

Build and run the application via docker:

docker build . -t vulnerable-app
docker run vulnerable-app

$ docker ps                                 
CONTAINER ID   IMAGE            COMMAND                  CREATED         STATUS         PORTS                                       NAMES
d01d5cf33f60   vulnerable-app   "java -jar demo-0.0.โ€ฆ"   11 seconds ago   Up 11 seconds                                                awesome_brown

$ docker container exec -it d01d5cf33f60 ash
/opt/app # ls /tmp
hsperfdata_root  rce_test

As you can see, the file `rce_test` exists. Which indicates RCE was succesful.