vulnerability
SUSE: CVE-2022-29599: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 2022-05-23 | 2023-03-20 | 2023-03-20 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
2022-05-23
Added
2023-03-20
Modified
2023-03-20
Description
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Solution(s)
suse-upgrade-antlr4-maven-pluginsuse-upgrade-bnd-maven-pluginsuse-upgrade-bnd-maven-plugin-javadocsuse-upgrade-exec-maven-pluginsuse-upgrade-exec-maven-plugin-javadocsuse-upgrade-gmavenplus-pluginsuse-upgrade-gmavenplus-plugin-javadocsuse-upgrade-hawtjni-maven-pluginsuse-upgrade-hawtjni-maven-plugin-javadocsuse-upgrade-javacc-maven-pluginsuse-upgrade-javacc-maven-plugin-javadocsuse-upgrade-mavensuse-upgrade-maven-antrun-pluginsuse-upgrade-maven-antrun-plugin-javadocsuse-upgrade-maven-archiversuse-upgrade-maven-archiver-javadocsuse-upgrade-maven-artifactsuse-upgrade-maven-artifact-managersuse-upgrade-maven-artifact-resolversuse-upgrade-maven-artifact-resolver-javadocsuse-upgrade-maven-artifact-transfersuse-upgrade-maven-artifact-transfer-javadocsuse-upgrade-maven-assembly-pluginsuse-upgrade-maven-assembly-plugin-javadocsuse-upgrade-maven-clean-pluginsuse-upgrade-maven-clean-plugin-javadocsuse-upgrade-maven-common-artifact-filterssuse-upgrade-maven-common-artifact-filters-javadocsuse-upgrade-maven-compiler-pluginsuse-upgrade-maven-compiler-plugin-bootstrapsuse-upgrade-maven-compiler-plugin-javadocsuse-upgrade-maven-dependency-analyzersuse-upgrade-maven-dependency-analyzer-javadocsuse-upgrade-maven-dependency-pluginsuse-upgrade-maven-dependency-plugin-javadocsuse-upgrade-maven-dependency-treesuse-upgrade-maven-dependency-tree-javadocsuse-upgrade-maven-doxia-coresuse-upgrade-maven-doxia-javadocsuse-upgrade-maven-doxia-logging-apisuse-upgrade-maven-doxia-module-aptsuse-upgrade-maven-doxia-module-confluencesuse-upgrade-maven-doxia-module-docbook-simplesuse-upgrade-maven-doxia-module-fmlsuse-upgrade-maven-doxia-module-fosuse-upgrade-maven-doxia-module-latexsuse-upgrade-maven-doxia-module-rtfsuse-upgrade-maven-doxia-module-twikisuse-upgrade-maven-doxia-module-xdocsuse-upgrade-maven-doxia-module-xhtmlsuse-upgrade-maven-doxia-module-xhtml5suse-upgrade-maven-doxia-sink-apisuse-upgrade-maven-doxia-sitetoolssuse-upgrade-maven-doxia-sitetools-javadocsuse-upgrade-maven-doxia-test-docssuse-upgrade-maven-enforcersuse-upgrade-maven-enforcer-apisuse-upgrade-maven-enforcer-javadocsuse-upgrade-maven-enforcer-pluginsuse-upgrade-maven-enforcer-rulessuse-upgrade-maven-failsafe-pluginsuse-upgrade-maven-failsafe-plugin-bootstrapsuse-upgrade-maven-file-managementsuse-upgrade-maven-file-management-javadocsuse-upgrade-maven-filteringsuse-upgrade-maven-filtering-javadocsuse-upgrade-maven-install-pluginsuse-upgrade-maven-install-plugin-javadocsuse-upgrade-maven-invokersuse-upgrade-maven-invoker-javadocsuse-upgrade-maven-jar-pluginsuse-upgrade-maven-jar-plugin-bootstrapsuse-upgrade-maven-jar-plugin-javadocsuse-upgrade-maven-javadocsuse-upgrade-maven-javadoc-pluginsuse-upgrade-maven-javadoc-plugin-bootstrapsuse-upgrade-maven-javadoc-plugin-javadocsuse-upgrade-maven-libsuse-upgrade-maven-localsuse-upgrade-maven-mappingsuse-upgrade-maven-mapping-javadocsuse-upgrade-maven-modelsuse-upgrade-maven-monitorsuse-upgrade-maven-plugin-annotationssuse-upgrade-maven-plugin-build-helpersuse-upgrade-maven-plugin-build-helper-javadocsuse-upgrade-maven-plugin-bundlesuse-upgrade-maven-plugin-bundle-javadocsuse-upgrade-maven-plugin-descriptorsuse-upgrade-maven-plugin-pluginsuse-upgrade-maven-plugin-plugin-bootstrapsuse-upgrade-maven-plugin-plugin-javadocsuse-upgrade-maven-plugin-registrysuse-upgrade-maven-plugin-testingsuse-upgrade-maven-plugin-testing-harnesssuse-upgrade-maven-plugin-testing-javadocsuse-upgrade-maven-plugin-testing-toolssuse-upgrade-maven-plugin-tools-annotationssuse-upgrade-maven-plugin-tools-antsuse-upgrade-maven-plugin-tools-apisuse-upgrade-maven-plugin-tools-beanshellsuse-upgrade-maven-plugin-tools-generatorssuse-upgrade-maven-plugin-tools-javasuse-upgrade-maven-plugin-tools-javadocsuse-upgrade-maven-plugin-tools-modelsuse-upgrade-maven-profilesuse-upgrade-maven-projectsuse-upgrade-maven-remote-resources-pluginsuse-upgrade-maven-remote-resources-plugin-javadocsuse-upgrade-maven-reporting-apisuse-upgrade-maven-reporting-api-javadocsuse-upgrade-maven-resolversuse-upgrade-maven-resolver-apisuse-upgrade-maven-resolver-connector-basicsuse-upgrade-maven-resolver-implsuse-upgrade-maven-resolver-javadocsuse-upgrade-maven-resolver-named-lockssuse-upgrade-maven-resolver-spisuse-upgrade-maven-resolver-test-utilsuse-upgrade-maven-resolver-transport-classpathsuse-upgrade-maven-resolver-transport-filesuse-upgrade-maven-resolver-transport-httpsuse-upgrade-maven-resolver-transport-wagonsuse-upgrade-maven-resolver-utilsuse-upgrade-maven-resources-pluginsuse-upgrade-maven-resources-plugin-bootstrapsuse-upgrade-maven-resources-plugin-javadocsuse-upgrade-maven-script-antsuse-upgrade-maven-script-beanshellsuse-upgrade-maven-settingssuse-upgrade-maven-shared-incrementalsuse-upgrade-maven-shared-incremental-javadocsuse-upgrade-maven-shared-iosuse-upgrade-maven-shared-io-javadocsuse-upgrade-maven-shared-utilssuse-upgrade-maven-shared-utils-javadocsuse-upgrade-maven-source-pluginsuse-upgrade-maven-source-plugin-javadocsuse-upgrade-maven-surefiresuse-upgrade-maven-surefire-javadocsuse-upgrade-maven-surefire-pluginsuse-upgrade-maven-surefire-plugin-bootstrapsuse-upgrade-maven-surefire-plugins-javadocsuse-upgrade-maven-surefire-provider-junitsuse-upgrade-maven-surefire-provider-junit5suse-upgrade-maven-surefire-provider-junit5-javadocsuse-upgrade-maven-surefire-provider-testngsuse-upgrade-maven-surefire-report-parsersuse-upgrade-maven-surefire-report-pluginsuse-upgrade-maven-surefire-report-plugin-bootstrapsuse-upgrade-maven-test-toolssuse-upgrade-maven-toolchainsuse-upgrade-maven-verifiersuse-upgrade-maven-verifier-javadocsuse-upgrade-maven-wagon-filesuse-upgrade-maven-wagon-ftpsuse-upgrade-maven-wagon-httpsuse-upgrade-maven-wagon-http-lightweightsuse-upgrade-maven-wagon-http-sharedsuse-upgrade-maven-wagon-javadocsuse-upgrade-maven-wagon-provider-apisuse-upgrade-maven-wagon-sshsuse-upgrade-maven-wagon-ssh-commonsuse-upgrade-maven-wagon-ssh-externalsuse-upgrade-maven2-javadocsuse-upgrade-modello-maven-pluginsuse-upgrade-modello-maven-plugin-javadocsuse-upgrade-os-maven-pluginsuse-upgrade-os-maven-plugin-javadocsuse-upgrade-paranamer-maven-pluginsuse-upgrade-spec-version-maven-pluginsuse-upgrade-spec-version-maven-plugin-javadocsuse-upgrade-string-template-maven-pluginsuse-upgrade-string-template-maven-plugin-javadocsuse-upgrade-tesla-polyglot-maven-pluginsuse-upgrade-xml-maven-pluginsuse-upgrade-xml-maven-plugin-javadoc
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.