You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to vulnerable library: /target/lib/maven-shared-utils-3.2.0.jar,/home/wss-scanner/.m2/repository/org/apache/maven/shared/maven-shared-utils/3.2.0/maven-shared-utils-3.2.0.jar
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
mend-for-github-combot
changed the title
CVE-2022-29599 (High) detected in maven-shared-utils-3.2.0.jar
CVE-2022-29599 (Critical) detected in maven-shared-utils-3.2.0.jar
Jul 2, 2023
CVE-2022-29599 - Critical Severity Vulnerability
Vulnerable Library - maven-shared-utils-3.2.0.jar
Shared utils without any further dependencies
Path to dependency file: /pom.xml
Path to vulnerable library: /target/lib/maven-shared-utils-3.2.0.jar,/home/wss-scanner/.m2/repository/org/apache/maven/shared/maven-shared-utils/3.2.0/maven-shared-utils-3.2.0.jar
Dependency Hierarchy:
Found in HEAD commit: c9274fc1e63b8167d9c9eb0ad6a2069bc2ea6b64
Found in base branch: main
Vulnerability Details
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Publish Date: 2022-05-23
URL: CVE-2022-29599
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-rhgr-952r-6p8q
Release Date: 2022-05-23
Fix Resolution: 3.3.3
The text was updated successfully, but these errors were encountered: