Skip to content

[FP]: CVE-2025-46295 #8198

New issue
New issue
Closed as not planned
Closed as not planned
[FP]: CVE-2025-46295#8198
Labels
FP ReportossindexLabel for issues that relate to the OSSIndex API
@marcelstoer

Description

@marcelstoer
marcelstoer
opened on Dec 18, 2025

Package URl

pkg:maven/org.apache.commons/[email protected]

CPE

cpe:2.3:a:org.apache.commons:commons-text:1.10.0:::::::*

CVE

CVE-2025-46295

ODC Integration

{"label" => "Maven Plugin"}

ODC Version

12.1.9

Description

https://nvd.nist.gov/vuln/detail/CVE-2025-46295 claims

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API.

That may be so - or not. The CVE is actually for Apple FileMaker which apparently had used commons-text < 1.10. Apart from that, the CVE contains very little information.

Note that you may also bump commons-text to the latest 1.15 for ODC to not report it anymore.

Metadata

Metadata

Assignees

No one assigned

    Labels

    FP ReportossindexLabel for issues that relate to the OSSIndex API

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions