Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Java project management and project comprehension tool
Version 3.9.8-1 [extra]


Group Affected Fixed Severity Status Ticket
AVG-2736 3.3.2-1 3.3.3-1 Critical Fixed
AVG-1863 3.6.3-1 3.8.1-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2022-29599 AVG-2736 Critical Yes Arbitrary command execution
the Commandline class in maven-shared-utils can emit double-quoted strings without proper escaping, allowing shell injection attacks
CVE-2021-26291 AVG-1863 Medium Yes Man-in-the-middle
Apache Maven may follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in...
CVE-2020-13956 AVG-1863 Medium Yes Insufficient validation
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as...