maven

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Java project management and project comprehension tool
Version 3.8.2-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1863 3.6.3-1 3.8.1-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-26291 AVG-1863 Medium Yes Man-in-the-middle
Apache Maven may follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in...
CVE-2020-13956 AVG-1863 Medium Yes Insufficient validation
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as...