RLSA-2022:4797

Published: May 30, 2022
Source: rocky
Rating: Important

Description

Important: maven:3.6 security update

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.

Security Fix(es):

  • maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| aopalliance | noarch | 20.module+el8.6.0+844+4401f2ed | aopalliance-1.0-20.module+el8.6.0+844+4401f2ed.noarch.rpm |
| apache-commons-cli | noarch | 7.module+el8.6.0+844+4401f2ed | apache-commons-cli-1.4-7.module+el8.6.0+844+4401f2ed.noarch.rpm |
| apache-commons-io | noarch | 6.module+el8.6.0+844+4401f2ed | apache-commons-io-2.6-6.module+el8.6.0+844+4401f2ed.noarch.rpm |
| apache-commons-codec | noarch | 3.module+el8.6.0+844+4401f2ed | apache-commons-codec-1.13-3.module+el8.6.0+844+4401f2ed.noarch.rpm |
| apache-commons-lang3 | noarch | 4.module+el8.6.0+844+4401f2ed | apache-commons-lang3-3.9-4.module+el8.6.0+844+4401f2ed.noarch.rpm |
| atinject | noarch | 31.20100611svn86.module+el8.6.0+844+4401f2ed | atinject-1-31.20100611svn86.module+el8.6.0+844+4401f2ed.noarch.rpm |
| cdi-api | noarch | 3.module+el8.6.0+844+4401f2ed | cdi-api-2.0.1-3.module+el8.6.0+844+4401f2ed.noarch.rpm |
| geronimo-annotation | noarch | 26.module+el8.6.0+844+4401f2ed | geronimo-annotation-1.0-26.module+el8.6.0+844+4401f2ed.noarch.rpm |
| google-guice | noarch | 4.module+el8.6.0+844+4401f2ed | google-guice-4.2.2-4.module+el8.6.0+844+4401f2ed.noarch.rpm |
| guava | noarch | 3.module+el8.6.0+844+4401f2ed | guava-28.1-3.module+el8.6.0+844+4401f2ed.noarch.rpm |

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 3 years ago

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVSS3: 9.8
redhat
about 5 years ago

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVSS3: 9.8
nvd
about 3 years ago

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVSS3: 9.8
debian
about 3 years ago

In Apache Maven maven-shared-utils prior to version 3.3.3, the Command ...

CVSS3: 9.8
redos
about 1 year ago

maven-shared-utils vulnerability