AVG-2736 log

Package maven
Status Fixed
Severity Critical
Type arbitrary command execution
Affected 3.3.2-1
Fixed 3.3.3-1
Current 3.8.6-1 [community]
Ticket None
Created Tue May 24 06:37:31 2022
Issue Severity Remote Type Description
CVE-2022-29599 Critical Yes Arbitrary command execution
the Commandline class in maven-shared-utils can emit double-quoted strings without proper escaping, allowing shell injection attacks