CVE-2022-29599

Опубликовано: 23 мая 2022

Источник: debian

EPSS Низкий

Описание

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
maven-shared-utils	fixed	3.3.4-1		package

Примечания

https://github.com/apache/maven-shared-utils/pull/40
https://issues.apache.org/jira/browse/MSHARED-297
https://github.com/apache/maven-shared-utils/commit/f751e614c09df8de1a080dc1153931f3f68991c9 (maven-shared-utils-3.3.1)

EPSS

Процентиль: 59%

0.00395

Низкий

Связанные уязвимости

CVE-2022-29599

CVSS3: 9.8

ubuntu

около 3 лет назад

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVE-2022-29599

CVSS3: 9.8

redhat

около 5 лет назад

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVE-2022-29599

CVSS3: 9.8

nvd

около 3 лет назад

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

ROS-20240503-19

CVSS3: 9.8

redos

около 1 года назад

Уязвимость maven-shared-utils

RLSA-2022:4798

rocky

около 3 лет назад

Important: maven:3.5 security update

EPSS

Процентиль: 59%

0.00395

Низкий