CVE-2019-20343

Опубликовано: 06 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element).

Ссылки

https://drive.google.com/open?id=0B5UvrSwn4wuwTnNqSzZESjIwZHo5ZXhWdHh2T2Z0eWRCT1hF
Third Party Advisory
https://drive.google.com/open?id=1GLs0d9IGArMVrlbEGbxgCjA1MuzIJk-3
Third Party Advisory
https://www.mojohaus.org/exec-maven-plugin/
Vendor Advisory
https://drive.google.com/open?id=0B5UvrSwn4wuwTnNqSzZESjIwZHo5ZXhWdHh2T2Z0eWRCT1hF
Third Party Advisory
https://drive.google.com/open?id=1GLs0d9IGArMVrlbEGbxgCjA1MuzIJk-3
Third Party Advisory
https://www.mojohaus.org/exec-maven-plugin/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mojohaus:exec_maven:1.1.1:*:*:*:*:maven:*:*

EPSS

Процентиль: 75%

0.00916

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-g34f-p6jp-297c

github

больше 3 лет назад