Описание
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
Отчет
This issue affects the versions of plexus-utils as shipped with Red Hat Enterprise Linux 7 as well as Red Hat Satellite 6.0 and 6.1. Red Hat Satellite 6.2 and later do not ship plexus-utils, as such they are not affected by this vulnerability. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| JBoss Developer Studio 10 | plexus-utils | Under investigation | ||
| JBoss Developer Studio 8 | plexus-utils | Under investigation | ||
| Red Hat BPM Suite 6 | plexus-utils | Not affected | ||
| Red Hat Enterprise Linux 7 | plexus-utils | Will not fix | ||
| Red Hat Enterprise Linux 8 | plexus-utils | Not affected | ||
| Red Hat JBoss A-MQ 6 | plexus-utils | Affected | ||
| Red Hat JBoss BRMS 6 | plexus-utils | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | plexus-utils | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | plexus-utils | Will not fix | ||
| Red Hat JBoss Portal 6 | plexus-utils | Under investigation |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
Plexus-utils before 3.0.16 is vulnerable to command injection because ...
Уязвимость пакета Plexus-utils платформы расширенной аналитики IBM Netezza Analytics, позволяющая нарушителю выполнить произвольные команды
7.8 High
CVSS3