CentOS Linux: CVE-2022-29599: Important: maven-shared-utils security update (Multiple Advisories)
8
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
04/26/2022
05/03/2022
05/02/2022
05/25/2023
Description
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Solution(s)
- centos-upgrade-aopalliance
- centos-upgrade-apache-commons-cli
- centos-upgrade-apache-commons-codec
- centos-upgrade-apache-commons-io
- centos-upgrade-apache-commons-lang3
- centos-upgrade-apache-commons-logging
- centos-upgrade-atinject
- centos-upgrade-cdi-api
- centos-upgrade-geronimo-annotation
- centos-upgrade-glassfish-el-api
- centos-upgrade-google-guice
- centos-upgrade-guava
- centos-upgrade-guava20
- centos-upgrade-hawtjni-runtime
- centos-upgrade-httpcomponents-client
- centos-upgrade-httpcomponents-core
- centos-upgrade-jansi
- centos-upgrade-jansi-native
- centos-upgrade-jboss-interceptors-1-2-api
- centos-upgrade-jcl-over-slf4j
- centos-upgrade-jsoup
- centos-upgrade-jsr-305
- centos-upgrade-maven
- centos-upgrade-maven-lib
- centos-upgrade-maven-openjdk11
- centos-upgrade-maven-openjdk17
- centos-upgrade-maven-openjdk8
- centos-upgrade-maven-resolver
- centos-upgrade-maven-resolver-api
- centos-upgrade-maven-resolver-connector-basic
- centos-upgrade-maven-resolver-impl
- centos-upgrade-maven-resolver-spi
- centos-upgrade-maven-resolver-transport-wagon
- centos-upgrade-maven-resolver-util
- centos-upgrade-maven-shared-utils
- centos-upgrade-maven-shared-utils-javadoc
- centos-upgrade-maven-wagon
- centos-upgrade-maven-wagon-file
- centos-upgrade-maven-wagon-http
- centos-upgrade-maven-wagon-http-shared
- centos-upgrade-maven-wagon-provider-api
- centos-upgrade-plexus-cipher
- centos-upgrade-plexus-classworlds
- centos-upgrade-plexus-containers-component-annotations
- centos-upgrade-plexus-interpolation
- centos-upgrade-plexus-sec-dispatcher
- centos-upgrade-plexus-utils
- centos-upgrade-sisu
- centos-upgrade-sisu-inject
- centos-upgrade-sisu-plexus
- centos-upgrade-slf4j
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center