[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2022-29599: Apache Maven: Commandline class shell injection vulnerabilities
From:       Slawomir Jaranowski <sjaranowski () apache ! org>
Date:       2022-05-23 9:52:20
Message-ID: 4cd86c45-ac7c-3867-cae3-7f1f28a598eb () apache ! org
[Download RAW message or body]

Description:

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline =
class can emit double-quoted strings without proper escaping, allowing =
shell injection attacks.

This issue is being tracked as MSHARED-297

References:

https://issues.apache.org/jira/browse/MSHARED-297
https://github.com/apache/maven-shared-utils/pull/40

[prev in list] [next in list] [prev in thread] [next in thread]