Описание
ELSA-2022-4797: maven:3.6 security update (IMPORTANT)
maven-shared-utils [3.2.1-0.4]
- Build with OpenJDK 8
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module maven:3.6 is enabled
aopalliance
1.0-20.module+el8.6.0+20615+edd0bff8
apache-commons-cli
1.4-7.module+el8.6.0+20615+edd0bff8
apache-commons-codec
1.13-3.module+el8.6.0+20615+edd0bff8
apache-commons-io
2.6-6.module+el8.6.0+20615+edd0bff8
apache-commons-lang3
3.9-4.module+el8.6.0+20615+edd0bff8
atinject
1-31.20100611svn86.module+el8.6.0+20615+edd0bff8
cdi-api
2.0.1-3.module+el8.6.0+20615+edd0bff8
geronimo-annotation
1.0-26.module+el8.6.0+20615+edd0bff8
google-guice
4.2.2-4.module+el8.6.0+20615+edd0bff8
guava
28.1-3.module+el8.6.0+20615+edd0bff8
httpcomponents-client
4.5.10-4.module+el8.6.0+20615+edd0bff8
httpcomponents-core
4.4.12-3.module+el8.6.0+20615+edd0bff8
jansi
1.18-4.module+el8.6.0+20615+edd0bff8
jcl-over-slf4j
1.7.28-3.module+el8.6.0+20615+edd0bff8
jsoup
1.12.1-3.module+el8.6.0+20615+edd0bff8
jsr-305
0-0.25.20130910svn.module+el8.6.0+20615+edd0bff8
maven
3.6.2-7.module+el8.6.0+20615+edd0bff8
maven-lib
3.6.2-7.module+el8.6.0+20615+edd0bff8
maven-openjdk11
3.6.2-7.module+el8.6.0+20615+edd0bff8
maven-openjdk17
3.6.2-7.module+el8.6.0+20615+edd0bff8
maven-openjdk8
3.6.2-7.module+el8.6.0+20615+edd0bff8
maven-resolver
1.4.1-3.module+el8.6.0+20615+edd0bff8
maven-shared-utils
3.2.1-0.4.module+el8.6.0+20675+b1cf145f
maven-wagon
3.3.4-2.module+el8.6.0+20615+edd0bff8
plexus-cipher
1.7-17.module+el8.6.0+20615+edd0bff8
plexus-classworlds
2.6.0-4.module+el8.6.0+20615+edd0bff8
plexus-containers-component-annotations
2.1.0-2.module+el8.6.0+20615+edd0bff8
plexus-interpolation
1.26-3.module+el8.6.0+20615+edd0bff8
plexus-sec-dispatcher
1.4-29.module+el8.6.0+20615+edd0bff8
plexus-utils
3.3.0-3.module+el8.6.0+20615+edd0bff8
sisu
0.3.4-2.module+el8.6.0+20615+edd0bff8
slf4j
1.7.28-3.module+el8.6.0+20615+edd0bff8
Oracle Linux x86_64
Module maven:3.6 is enabled
aopalliance
1.0-20.module+el8.6.0+20615+edd0bff8
apache-commons-cli
1.4-7.module+el8.6.0+20615+edd0bff8
apache-commons-codec
1.13-3.module+el8.6.0+20615+edd0bff8
apache-commons-io
2.6-6.module+el8.6.0+20615+edd0bff8
apache-commons-lang3
3.9-4.module+el8.6.0+20615+edd0bff8
atinject
1-31.20100611svn86.module+el8.6.0+20615+edd0bff8
cdi-api
2.0.1-3.module+el8.6.0+20615+edd0bff8
geronimo-annotation
1.0-26.module+el8.6.0+20615+edd0bff8
google-guice
4.2.2-4.module+el8.6.0+20615+edd0bff8
guava
28.1-3.module+el8.6.0+20615+edd0bff8
httpcomponents-client
4.5.10-4.module+el8.6.0+20615+edd0bff8
httpcomponents-core
4.4.12-3.module+el8.6.0+20615+edd0bff8
jansi
1.18-4.module+el8.6.0+20615+edd0bff8
jcl-over-slf4j
1.7.28-3.module+el8.6.0+20615+edd0bff8
jsoup
1.12.1-3.module+el8.6.0+20615+edd0bff8
jsr-305
0-0.25.20130910svn.module+el8.6.0+20615+edd0bff8
maven
3.6.2-7.module+el8.6.0+20615+edd0bff8
maven-lib
3.6.2-7.module+el8.6.0+20615+edd0bff8
maven-openjdk11
3.6.2-7.module+el8.6.0+20615+edd0bff8
maven-openjdk17
3.6.2-7.module+el8.6.0+20615+edd0bff8
maven-openjdk8
3.6.2-7.module+el8.6.0+20615+edd0bff8
maven-resolver
1.4.1-3.module+el8.6.0+20615+edd0bff8
maven-shared-utils
3.2.1-0.4.module+el8.6.0+20675+b1cf145f
maven-wagon
3.3.4-2.module+el8.6.0+20615+edd0bff8
plexus-cipher
1.7-17.module+el8.6.0+20615+edd0bff8
plexus-classworlds
2.6.0-4.module+el8.6.0+20615+edd0bff8
plexus-containers-component-annotations
2.1.0-2.module+el8.6.0+20615+edd0bff8
plexus-interpolation
1.26-3.module+el8.6.0+20615+edd0bff8
plexus-sec-dispatcher
1.4-29.module+el8.6.0+20615+edd0bff8
plexus-utils
3.3.0-3.module+el8.6.0+20615+edd0bff8
sisu
0.3.4-2.module+el8.6.0+20615+edd0bff8
slf4j
1.7.28-3.module+el8.6.0+20615+edd0bff8
Связанные CVE
Связанные уязвимости
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
In Apache Maven maven-shared-utils prior to version 3.3.3, the Command ...
