
Red Hat: CVE-2022-29599: Command injection via Commandline class (Multiple Advisories)

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 2022-04-26
Added: 2022-05-02
Modified: 2024-11-27

Description

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
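
One way to check a project's own build for the affected library, as an added example that is not part of the advisory: the script scans `mvn dependency:tree` output for maven-shared-utils versions below 3.3.3. The groupId `org.apache.maven.shared` and the line format are those of the upstream artifact and plugin, the sample tree is constructed, and for the Red Hat packages themselves the upgrades listed under Solution(s) apply instead.

```python
import re

FIXED = (3, 3, 3)  # first fixed maven-shared-utils release, per the advisory
# Coordinate as printed by `mvn dependency:tree`:
#   groupId:artifactId:type[:classifier]:version[:scope]
COORD = re.compile(r"org\.apache\.maven\.shared:maven-shared-utils:\S+")
PRERELEASE = re.compile(r"(?i)[-.]?(snapshot|alpha|beta|rc|m\d)")

def is_affected(version):
    """True if `version` sorts before 3.3.3 (pre-releases of 3.3.3 included)."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", version)
    if not m:
        return True  # unparseable version: flag it for manual review
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # "3.4" -> (3, 4, 0)
    if nums[:3] != FIXED:
        return nums < FIXED
    # Exactly 3.3.3: only a pre-release qualifier keeps it affected.
    return len(nums) == 3 and bool(PRERELEASE.match(m.group(2)))

def find_affected(tree_output):
    """Return (line number, version) for each affected maven-shared-utils entry."""
    hits = []
    for lineno, line in enumerate(tree_output.splitlines(), 1):
        m = COORD.search(line)
        if not m:
            continue
        parts = m.group(0).split(":")
        # The root project line has no scope field; dependency lines do.
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        if is_affected(version):
            hits.append((lineno, version))
    return hits

# Constructed sample: dependency:tree lines gathered from several modules.
SAMPLE = r"""[INFO] com.example:demo-plugin:maven-plugin:1.0.0
[INFO] +- org.apache.maven.shared:maven-shared-utils:jar:3.1.0:compile
[INFO] |  \- commons-io:commons-io:jar:2.5:compile
[INFO] +- org.apache.maven.shared:maven-shared-utils:jar:3.3.3-SNAPSHOT:test
[INFO] \- org.apache.maven.shared:maven-shared-utils:jar:3.3.4:runtime
"""

if __name__ == "__main__":
    for lineno, version in find_affected(SAMPLE):
        print(f"line {lineno}: maven-shared-utils {version} is below 3.3.3")
```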

Solution(s)

redhat-upgrade-aopalliance
redhat-upgrade-apache-commons-cli
redhat-upgrade-apache-commons-codec
redhat-upgrade-apache-commons-io
redhat-upgrade-apache-commons-lang3
redhat-upgrade-apache-commons-logging
redhat-upgrade-atinject
redhat-upgrade-cdi-api
redhat-upgrade-geronimo-annotation
redhat-upgrade-glassfish-el-api
redhat-upgrade-google-guice
redhat-upgrade-guava
redhat-upgrade-guava20
redhat-upgrade-hawtjni-runtime
redhat-upgrade-httpcomponents-client
redhat-upgrade-httpcomponents-core
redhat-upgrade-jansi
redhat-upgrade-jansi-native
redhat-upgrade-jboss-interceptors-1-2-api
redhat-upgrade-jcl-over-slf4j
redhat-upgrade-jsoup
redhat-upgrade-jsr-305
redhat-upgrade-maven
redhat-upgrade-maven-lib
redhat-upgrade-maven-openjdk11
redhat-upgrade-maven-openjdk17
redhat-upgrade-maven-openjdk8
redhat-upgrade-maven-resolver
redhat-upgrade-maven-resolver-api
redhat-upgrade-maven-resolver-connector-basic
redhat-upgrade-maven-resolver-impl
redhat-upgrade-maven-resolver-spi
redhat-upgrade-maven-resolver-transport-wagon
redhat-upgrade-maven-resolver-util
redhat-upgrade-maven-shared-utils
redhat-upgrade-maven-shared-utils-javadoc
redhat-upgrade-maven-wagon
redhat-upgrade-maven-wagon-file
redhat-upgrade-maven-wagon-http
redhat-upgrade-maven-wagon-http-shared
redhat-upgrade-maven-wagon-provider-api
redhat-upgrade-plexus-cipher
redhat-upgrade-plexus-classworlds
redhat-upgrade-plexus-containers-component-annotations
redhat-upgrade-plexus-interpolation
redhat-upgrade-plexus-sec-dispatcher
redhat-upgrade-plexus-utils
redhat-upgrade-sisu
redhat-upgrade-sisu-inject
redhat-upgrade-sisu-plexus
redhat-upgrade-slf4j