CentOS Linux: CVE-2022-29599: Important: maven-shared-utils security update (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 2022-04-26 | 2022-05-02 | 2023-05-25 |
Description
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Solution(s)
centos-upgrade-aopalliance
centos-upgrade-apache-commons-cli
centos-upgrade-apache-commons-codec
centos-upgrade-apache-commons-io
centos-upgrade-apache-commons-lang3
centos-upgrade-apache-commons-logging
centos-upgrade-atinject
centos-upgrade-cdi-api
centos-upgrade-geronimo-annotation
centos-upgrade-glassfish-el-api
centos-upgrade-google-guice
centos-upgrade-guava
centos-upgrade-guava20
centos-upgrade-hawtjni-runtime
centos-upgrade-httpcomponents-client
centos-upgrade-httpcomponents-core
centos-upgrade-jansi
centos-upgrade-jansi-native
centos-upgrade-jboss-interceptors-1-2-api
centos-upgrade-jcl-over-slf4j
centos-upgrade-jsoup
centos-upgrade-jsr-305
centos-upgrade-maven
centos-upgrade-maven-lib
centos-upgrade-maven-openjdk11
centos-upgrade-maven-openjdk17
centos-upgrade-maven-openjdk8
centos-upgrade-maven-resolver
centos-upgrade-maven-resolver-api
centos-upgrade-maven-resolver-connector-basic
centos-upgrade-maven-resolver-impl
centos-upgrade-maven-resolver-spi
centos-upgrade-maven-resolver-transport-wagon
centos-upgrade-maven-resolver-util
centos-upgrade-maven-shared-utils
centos-upgrade-maven-shared-utils-javadoc
centos-upgrade-maven-wagon
centos-upgrade-maven-wagon-file
centos-upgrade-maven-wagon-http
centos-upgrade-maven-wagon-http-shared
centos-upgrade-maven-wagon-provider-api
centos-upgrade-plexus-cipher
centos-upgrade-plexus-classworlds
centos-upgrade-plexus-containers-component-annotations
centos-upgrade-plexus-interpolation
centos-upgrade-plexus-sec-dispatcher
centos-upgrade-plexus-utils
centos-upgrade-sisu
centos-upgrade-sisu-inject
centos-upgrade-sisu-plexus
centos-upgrade-slf4j