
Mitigating Apache Commons Text Exploit - CVE-2022-42889

user-j3gb9, Apr 24 2023 — edited Apr 24 2023

Hi

I am trying to mitigate the exploit found in CVE-2022-42889 - CVE.report

Apache Commons Text versions 1.5 to 1.9 are vulnerable and are found in SQL Developer 22.2.

According to this Twitter post, you can mitigate it by removing the graph feature:

Shortened Twitter link: https://twtr.in/3PkW

I have tried this by deleting the following folder:

\sqldeveloper\sqldeveloper\extensions\oracle.sqldeveloper.pgql

But when I open the SQL Developer application, I can still enable or disable the property graph feature:

I am not a user of SQL Developer, so I might be missing something here. Can anyone give some advice on removing or disabling the Graph Feature through the registry or file system?

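To check whether a copy of the library remains after an extension folder is deleted, here is an added example (not part of the original post and not Oracle's code): a Python scan that lists every commons-text JAR under an install directory and flags versions in the 1.5 to 1.9 range the post names. The sample tree built by `build_sample_tree` is constructed, and the scan assumes the JARs are standard Maven builds that carry `pom.properties`, falling back to the file name otherwise.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Maven-built JARs record their coordinates here (commons-text groupId/artifactId).
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
NAME_RE = re.compile(r"commons-text-(\d+(?:\.\d+)*)\.jar$", re.IGNORECASE)

def jar_version(jar):
    """Return the commons-text version of a JAR, or None if it is not commons-text."""
    try:
        with zipfile.ZipFile(jar) as zf:
            if POM_PROPS in zf.namelist():
                for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        return line.split("=", 1)[1].strip()
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable archive: fall back to the file name
    m = NAME_RE.search(jar.name)
    return m.group(1) if m else None

def is_affected(version):
    """True for 1.5 through 1.9.x, the range stated in the post."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:2]]
    return (1, 5) <= tuple(parts + [0] * (2 - len(parts))) <= (1, 9)

def scan(root):
    """Return {relative path: (version, affected)} for each commons-text JAR found."""
    found = {}
    for jar in sorted(Path(root).rglob("*.jar")):
        ver = jar_version(jar)
        if ver is not None:
            found[jar.relative_to(root).as_posix()] = (ver, is_affected(ver))
    return found

def build_sample_tree(root):
    """Constructed sample layout for the demo, not a real SQL Developer install."""
    for rel, ver in [("extensions/example.extension/lib/commons-text-1.9.jar", "1.9"),
                     ("lib/renamed-text.jar", "1.6"),
                     ("lib/commons-text-1.10.0.jar", "1.10.0")]:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            zf.writestr(POM_PROPS, f"artifactId=commons-text\nversion={ver}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

Reading the version from inside the archive catches copies that were renamed, which a file-name search alone would miss.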