RLSA-2022:4797

Опубликовано: 30 мая 2022

Источник: rocky

Оценка: Important

Описание

Important: maven:3.6 security update

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.

Security Fix(es):

maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 8

Связанные CVE

CVE-2022-29599

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=2066479
Red Hat - 2066479

Связанные уязвимости

CVE-2022-29599

CVSS3: 9.8

ubuntu

больше 3 лет назад

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVE-2022-29599

CVSS3: 9.8

redhat

больше 5 лет назад

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVE-2022-29599

CVSS3: 9.8

nvd

больше 3 лет назад

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVE-2022-29599

CVSS3: 9.8

debian

больше 3 лет назад

In Apache Maven maven-shared-utils prior to version 3.3.3, the Command ...

RLSA-2022:4798

rocky

больше 3 лет назад

Important: maven:3.5 security update