Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-26291

Опубликовано: 23 апр. 2021
Источник: nvd
CVSS3: 9.1
CVSS2: 6.4
EPSS Средний

Описание

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:maven:*:*:*:*:*:*:*:*
Версия до 3.8.1 (исключая)
Конфигурация 2
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
Версия до 1.13.5 (исключая)
Конфигурация 3

Одно из

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
Версия от 8.0.6.0.0 (включая) до 8.0.9.0.0 (включая)
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
Версия от 8.1.0.0.0 (включая) до 8.1.2.0 (включая)
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.1:*:*:*:*:*:*:*

EPSS

Процентиль: 98%
0.47778
Средний

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-346

Связанные уязвимости

ubuntu логотип

CVE-2021-26291

CVSS3: 9.1
ubuntu
около 4 лет назад

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html

redhat логотип

CVE-2021-26291

CVSS3: 7.4
redhat
около 4 лет назад

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html

msrc логотип

CVE-2021-26291

CVSS3: 9.1
msrc
около 1 месяца назад

Описание отсутствует

debian логотип

CVE-2021-26291

CVSS3: 9.1
debian
около 4 лет назад

Apache Maven will follow repositories that are defined in a dependency ...

github логотип

GHSA-2f88-5hg8-9x2x

CVSS3: 9.1
github
около 4 лет назад

Origin Validation Error in Apache Maven

EPSS

Процентиль: 98%
0.47778
Средний

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-346