oss-sec mailing list archives
CVE-2022-29599: Apache Maven: Commandline class shell injection vulnerabilities
From: Slawomir Jaranowski <sjaranowski () apache org>
Date: Mon, 23 May 2022 09:52:20 +0000
Description: In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. This issue is being tracked as MSHARED-297 References: https://issues.apache.org/jira/browse/MSHARED-297 https://github.com/apache/maven-shared-utils/pull/40
Current thread:
- CVE-2022-29599: Apache Maven: Commandline class shell injection vulnerabilities Slawomir Jaranowski (May 23)