Important: maven:3.5 security update

🗓️ 30 May 2022 11:39:15Reported by AlmaLinuxType

almalinux

almalinux🔗 errata.almalinux.org👁 60 Views

Apache Maven Shared Utils project security update for command injection

Reporter	Title	Published	Views	Family All 163
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit	30 Jun 202309:23	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Maven affect IBM watsonx.data	18 Sep 202419:42	–	ibm
ATTACKERKB	CVE-2022-29599	23 May 202211:16	–	attackerkb
Tenable Nessus	Amazon Linux 2022 : maven-shared-utils, maven-shared-utils-javadoc (ALAS2022-2022-060)	6 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : maven-shared-utils (ALAS2022-2022-242)	10 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : maven-shared-utils, maven-shared-utils-javadoc (ALAS2023-2023-077)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : maven-shared-utils (ALAS-2022-1794)	5 May 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0160: maven:3.6 (ALINUX3-SA-2022:0160)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : maven:3.6 (ALSA-2022:4797)	6 Jun 202200:00	–	nessus
Tenable Nessus	AlmaLinux 8 : maven:3.5 (ALSA-2022:4798)	6 Jun 202200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
almalinux	8	noarch	google-guice	4.1-11.module_el8.6.0+2752+f1f3449e	google-guice-4.1-11.module_el8.6.0+2752+f1f3449e.noarch.rpm
almalinux	8	noarch	maven-resolver-transport-wagon	1.1.1-2.module_el8.6.0+2752+f1f3449e	maven-resolver-transport-wagon-1.1.1-2.module_el8.6.0+2752+f1f3449e.noarch.rpm
almalinux	8	noarch	apache-commons-logging	1.2-13.module_el8.6.0+2752+f1f3449e	apache-commons-logging-1.2-13.module_el8.6.0+2752+f1f3449e.noarch.rpm
almalinux	8	noarch	maven-wagon-file	3.1.0-1.module_el8.6.0+2752+f1f3449e	maven-wagon-file-3.1.0-1.module_el8.6.0+2752+f1f3449e.noarch.rpm
almalinux	8	noarch	httpcomponents-client	4.5.5-5.module_el8.6.0+2752+f1f3449e	httpcomponents-client-4.5.5-5.module_el8.6.0+2752+f1f3449e.noarch.rpm
almalinux	8	noarch	maven-resolver-spi	1.1.1-2.module_el8.6.0+2752+f1f3449e	maven-resolver-spi-1.1.1-2.module_el8.6.0+2752+f1f3449e.noarch.rpm
almalinux	8	noarch	plexus-cipher	1.7-14.module_el8.6.0+2752+f1f3449e	plexus-cipher-1.7-14.module_el8.6.0+2752+f1f3449e.noarch.rpm
almalinux	8	noarch	maven-shared-utils	3.2.1-0.2.module_el8.6.0+2902+097a4293	maven-shared-utils-3.2.1-0.2.module_el8.6.0+2902+097a4293.noarch.rpm
almalinux	8	noarch	maven-resolver-connector-basic	1.1.1-2.module_el8.6.0+2752+f1f3449e	maven-resolver-connector-basic-1.1.1-2.module_el8.6.0+2752+f1f3449e.noarch.rpm
almalinux	8	noarch	maven-wagon-provider-api	3.1.0-1.module_el8.6.0+2752+f1f3449e	maven-wagon-provider-api-3.1.0-1.module_el8.6.0+2752+f1f3449e.noarch.rpm

Source	Link
errata	www.errata.almalinux.org/8/ALSA-2022-4798.html
vulners	www.vulners.com/cve/CVE-2022-29599

30 May 2022 11:39Current

9.4High risk

Vulners AI Score9.4

CVSS 27.5

CVSS 3.19.8

EPSS0.04031

apache maven shared utils security update command injection cve-2022-29599 references section unix