AVG-2736 log
| Package | maven |
| Status | Fixed |
| Severity | Critical |
| Type | arbitrary command execution |
| Affected | 3.3.2-1 |
| Fixed | 3.3.3-1 |
| Current | 3.8.7-1 [extra] |
| Ticket | None |
| Created | Tue May 24 06:37:31 2022 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-29599 | Critical | Yes | Arbitrary command execution | the Commandline class in maven-shared-utils can emit double-quoted strings without proper escaping, allowing shell injection attacks |