ELSA-2022-4798

Published: 01 Jun 2022
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2022-4798: maven:3.5 security update (IMPORTANT)

maven-shared-utils [3.2.1-0.2]

  • Fix commandline injection vulnerability
  • Resolves: CVE-2022-29599

Updated packages

Oracle Linux 8

Oracle Linux aarch64

Module maven:3.5 is enabled

aopalliance

1.0-17.module+el8+5161+5cac467c

apache-commons-cli

1.4-4.module+el8+5161+5cac467c

apache-commons-codec

1.11-3.module+el8+5161+5cac467c

apache-commons-io

2.6-3.module+el8+5161+5cac467c

apache-commons-lang3

3.7-3.module+el8+5161+5cac467c

apache-commons-logging

1.2-13.module+el8+5161+5cac467c

atinject

1-28.20100611svn86.module+el8+5161+5cac467c

cdi-api

1.2-8.module+el8+5161+5cac467c

geronimo-annotation

1.0-23.module+el8+5161+5cac467c

glassfish-el-api

3.0.1-0.7.b08.module+el8+5161+5cac467c

google-guice

4.1-11.module+el8+5161+5cac467c

guava20

20.0-8.module+el8+5161+5cac467c

hawtjni-runtime

1.16-2.module+el8+5161+5cac467c

httpcomponents-client

4.5.5-5.module+el8.6.0+20537+63b96daa

httpcomponents-core

4.4.10-3.module+el8+5161+5cac467c

jansi

1.17.1-1.module+el8+5161+5cac467c

jansi-native

1.7-7.module+el8+5161+5cac467c

jboss-interceptors-1.2-api

1.0.0-8.module+el8+5161+5cac467c

jcl-over-slf4j

1.7.25-4.module+el8+5161+5cac467c

jsoup

1.11.3-3.module+el8+5161+5cac467c

maven

3.5.4-5.module+el8+5161+5cac467c

maven-lib

3.5.4-5.module+el8+5161+5cac467c

maven-resolver-api

1.1.1-2.module+el8+5161+5cac467c

maven-resolver-connector-basic

1.1.1-2.module+el8+5161+5cac467c

maven-resolver-impl

1.1.1-2.module+el8+5161+5cac467c

maven-resolver-spi

1.1.1-2.module+el8+5161+5cac467c

maven-resolver-transport-wagon

1.1.1-2.module+el8+5161+5cac467c

maven-resolver-util

1.1.1-2.module+el8+5161+5cac467c

maven-shared-utils

3.2.1-0.2.module+el8.6.0+20674+d36d0344

maven-wagon-file

3.1.0-1.module+el8+5161+5cac467c

maven-wagon-http

3.1.0-1.module+el8+5161+5cac467c

maven-wagon-http-shared

3.1.0-1.module+el8+5161+5cac467c

maven-wagon-provider-api

3.1.0-1.module+el8+5161+5cac467c

plexus-cipher

1.7-14.module+el8+5161+5cac467c

plexus-classworlds

2.5.2-9.module+el8+5161+5cac467c

plexus-containers-component-annotations

1.7.1-8.module+el8+5161+5cac467c

plexus-interpolation

1.22-9.module+el8+5161+5cac467c

plexus-sec-dispatcher

1.4-26.module+el8+5161+5cac467c

plexus-utils

3.1.0-3.module+el8+5161+5cac467c

sisu-inject

0.3.3-6.module+el8+5161+5cac467c

sisu-plexus

0.3.3-6.module+el8+5161+5cac467c

slf4j

1.7.25-4.module+el8+5161+5cac467c

Oracle Linux x86_64

Module maven:3.5 is enabled

aopalliance

1.0-17.module+el8+5161+5cac467c

apache-commons-cli

1.4-4.module+el8+5161+5cac467c

apache-commons-codec

1.11-3.module+el8+5161+5cac467c

apache-commons-io

2.6-3.module+el8+5161+5cac467c

apache-commons-lang3

3.7-3.module+el8+5161+5cac467c

apache-commons-logging

1.2-13.module+el8+5161+5cac467c

atinject

1-28.20100611svn86.module+el8+5161+5cac467c

cdi-api

1.2-8.module+el8+5161+5cac467c

geronimo-annotation

1.0-23.module+el8+5161+5cac467c

glassfish-el-api

3.0.1-0.7.b08.module+el8+5161+5cac467c

google-guice

4.1-11.module+el8+5161+5cac467c

guava20

20.0-8.module+el8+5161+5cac467c

hawtjni-runtime

1.16-2.module+el8+5161+5cac467c

httpcomponents-client

4.5.5-5.module+el8.6.0+20537+63b96daa

httpcomponents-core

4.4.10-3.module+el8+5161+5cac467c

jansi

1.17.1-1.module+el8+5161+5cac467c

jansi-native

1.7-7.module+el8+5161+5cac467c

jboss-interceptors-1.2-api

1.0.0-8.module+el8+5161+5cac467c

jcl-over-slf4j

1.7.25-4.module+el8+5161+5cac467c

jsoup

1.11.3-3.module+el8+5161+5cac467c

maven

3.5.4-5.module+el8+5161+5cac467c

maven-lib

3.5.4-5.module+el8+5161+5cac467c

maven-resolver-api

1.1.1-2.module+el8+5161+5cac467c

maven-resolver-connector-basic

1.1.1-2.module+el8+5161+5cac467c

maven-resolver-impl

1.1.1-2.module+el8+5161+5cac467c

maven-resolver-spi

1.1.1-2.module+el8+5161+5cac467c

maven-resolver-transport-wagon

1.1.1-2.module+el8+5161+5cac467c

maven-resolver-util

1.1.1-2.module+el8+5161+5cac467c

maven-shared-utils

3.2.1-0.2.module+el8.6.0+20674+d36d0344

maven-wagon-file

3.1.0-1.module+el8+5161+5cac467c

maven-wagon-http

3.1.0-1.module+el8+5161+5cac467c

maven-wagon-http-shared

3.1.0-1.module+el8+5161+5cac467c

maven-wagon-provider-api

3.1.0-1.module+el8+5161+5cac467c

plexus-cipher

1.7-14.module+el8+5161+5cac467c

plexus-classworlds

2.5.2-9.module+el8+5161+5cac467c

plexus-containers-component-annotations

1.7.1-8.module+el8+5161+5cac467c

plexus-interpolation

1.22-9.module+el8+5161+5cac467c

plexus-sec-dispatcher

1.4-26.module+el8+5161+5cac467c

plexus-utils

3.1.0-3.module+el8+5161+5cac467c

sisu-inject

0.3.3-6.module+el8+5161+5cac467c

sisu-plexus

0.3.3-6.module+el8+5161+5cac467c

slf4j

1.7.25-4.module+el8+5161+5cac467c

Related CVEs

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 3 years ago

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVSS3: 9.8
redhat
about 5 years ago

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVSS3: 9.8
nvd
about 3 years ago

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVSS3: 9.8
debian
about 3 years ago

In Apache Maven maven-shared-utils prior to version 3.3.3, the Command ...

CVSS3: 9.8
redos
about 1 year ago

maven-shared-utils vulnerability

ELSA-2022-4798 vulnerability