maven
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Java project management and project comprehension tool |
| Version | 3.8.7-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2736 | 3.3.2-1 | 3.3.3-1 | Critical | Fixed | |
| AVG-1863 | 3.6.3-1 | 3.8.1-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2022-29599 | AVG-2736 | Critical | Yes | Arbitrary command execution | the Commandline class in maven-shared-utils can emit double-quoted strings without proper escaping, allowing shell injection attacks |
| CVE-2021-26291 | AVG-1863 | Medium | Yes | Man-in-the-middle | Apache Maven may follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in... |
| CVE-2020-13956 | AVG-1863 | Medium | Yes | Insufficient validation | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as... |