Alma Linux: CVE-2022-29599: Important: maven:3.6 security update (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | May 23, 2022 | Jun 7, 2022 | Nov 27, 2024 |
Description
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Solution(s)
- alma-upgrade-aopalliance
- alma-upgrade-apache-commons-cli
- alma-upgrade-apache-commons-codec
- alma-upgrade-apache-commons-io
- alma-upgrade-apache-commons-lang3
- alma-upgrade-apache-commons-logging
- alma-upgrade-atinject
- alma-upgrade-cdi-api
- alma-upgrade-geronimo-annotation
- alma-upgrade-glassfish-el-api
- alma-upgrade-google-guice
- alma-upgrade-guava
- alma-upgrade-guava20
- alma-upgrade-hawtjni-runtime
- alma-upgrade-httpcomponents-client
- alma-upgrade-httpcomponents-core
- alma-upgrade-jansi
- alma-upgrade-jansi-native
- alma-upgrade-jboss-interceptors-1.2-api
- alma-upgrade-jcl-over-slf4j
- alma-upgrade-jsoup
- alma-upgrade-jsr-305
- alma-upgrade-maven
- alma-upgrade-maven-lib
- alma-upgrade-maven-openjdk11
- alma-upgrade-maven-openjdk17
- alma-upgrade-maven-openjdk8
- alma-upgrade-maven-resolver
- alma-upgrade-maven-resolver-api
- alma-upgrade-maven-resolver-connector-basic
- alma-upgrade-maven-resolver-impl
- alma-upgrade-maven-resolver-spi
- alma-upgrade-maven-resolver-transport-wagon
- alma-upgrade-maven-resolver-util
- alma-upgrade-maven-shared-utils
- alma-upgrade-maven-wagon
- alma-upgrade-maven-wagon-file
- alma-upgrade-maven-wagon-http
- alma-upgrade-maven-wagon-http-shared
- alma-upgrade-maven-wagon-provider-api
- alma-upgrade-plexus-cipher
- alma-upgrade-plexus-classworlds
- alma-upgrade-plexus-containers-component-annotations
- alma-upgrade-plexus-interpolation
- alma-upgrade-plexus-sec-dispatcher
- alma-upgrade-plexus-utils
- alma-upgrade-sisu
- alma-upgrade-sisu-inject
- alma-upgrade-sisu-plexus
- alma-upgrade-slf4j
