Oracle Linux: CVE-2022-29599: ELSA-2022-4798: maven:3.5 security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 2020-05-29 | 2022-04-30 | 2025-01-07 |
Description
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
A flaw was found in the maven-shared-utils package. Improper escaping allows command injection, enabling a shell injection attack.
Solution(s)
- oracle-linux-upgrade-aopalliance
- oracle-linux-upgrade-apache-commons-cli
- oracle-linux-upgrade-apache-commons-codec
- oracle-linux-upgrade-apache-commons-io
- oracle-linux-upgrade-apache-commons-lang3
- oracle-linux-upgrade-apache-commons-logging
- oracle-linux-upgrade-atinject
- oracle-linux-upgrade-cdi-api
- oracle-linux-upgrade-geronimo-annotation
- oracle-linux-upgrade-glassfish-el-api
- oracle-linux-upgrade-google-guice
- oracle-linux-upgrade-guava
- oracle-linux-upgrade-guava20
- oracle-linux-upgrade-hawtjni-runtime
- oracle-linux-upgrade-httpcomponents-client
- oracle-linux-upgrade-httpcomponents-core
- oracle-linux-upgrade-jansi
- oracle-linux-upgrade-jansi-native
- oracle-linux-upgrade-jboss-interceptors-1-2-api
- oracle-linux-upgrade-jcl-over-slf4j
- oracle-linux-upgrade-jsoup
- oracle-linux-upgrade-jsr-305
- oracle-linux-upgrade-maven
- oracle-linux-upgrade-maven-lib
- oracle-linux-upgrade-maven-openjdk11
- oracle-linux-upgrade-maven-openjdk17
- oracle-linux-upgrade-maven-openjdk8
- oracle-linux-upgrade-maven-resolver
- oracle-linux-upgrade-maven-resolver-api
- oracle-linux-upgrade-maven-resolver-connector-basic
- oracle-linux-upgrade-maven-resolver-impl
- oracle-linux-upgrade-maven-resolver-spi
- oracle-linux-upgrade-maven-resolver-transport-wagon
- oracle-linux-upgrade-maven-resolver-util
- oracle-linux-upgrade-maven-shared-utils
- oracle-linux-upgrade-maven-shared-utils-javadoc
- oracle-linux-upgrade-maven-wagon
- oracle-linux-upgrade-maven-wagon-file
- oracle-linux-upgrade-maven-wagon-http
- oracle-linux-upgrade-maven-wagon-http-shared
- oracle-linux-upgrade-maven-wagon-provider-api
- oracle-linux-upgrade-plexus-cipher
- oracle-linux-upgrade-plexus-classworlds
- oracle-linux-upgrade-plexus-containers-component-annotations
- oracle-linux-upgrade-plexus-interpolation
- oracle-linux-upgrade-plexus-sec-dispatcher
- oracle-linux-upgrade-plexus-utils
- oracle-linux-upgrade-sisu
- oracle-linux-upgrade-sisu-inject
- oracle-linux-upgrade-sisu-plexus
- oracle-linux-upgrade-slf4j
