Lucene search

K
cvelistApacheCVELIST:CVE-2022-29599
HistoryMay 23, 2022 - 10:25 a.m.

CVE-2022-29599 Commandline class shell injection vulnerabilities

2022-05-2310:25:10
CWE-116
apache
www.cve.org

9.8 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.2%

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CNA Affected

[
  {
    "product": "Apache Maven",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.3.3",
        "status": "affected",
        "version": "maven-shared-utils",
        "versionType": "custom"
      }
    ]
  }
]