[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2022-29599: Apache Maven: Commandline class shell injection vulnerabilities
From: Slawomir Jaranowski <sjaranowski () apache ! org>
Date: 2022-05-23 9:52:20
Message-ID: 4cd86c45-ac7c-3867-cae3-7f1f28a598eb () apache ! org
[Download RAW message or body]
Description:
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline =
class can emit double-quoted strings without proper escaping, allowing =
shell injection attacks.
This issue is being tracked as MSHARED-297
References:
https://issues.apache.org/jira/browse/MSHARED-297
https://github.com/apache/maven-shared-utils/pull/40
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic