Code injection

2020-01-0614:15:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

84.9%

JSON

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element).

CPENameOperatorVersion
exec_maveneq1.1.1

CPE	Name	Operator	Version
	exec_maven	eq	1.1.1

References

drive.google.com/open?id=0B5UvrSwn4wuwTnNqSzZESjIwZHo5ZXhWdHh2T2Z0eWRCT1hF

drive.google.com/open?id=1GLs0d9IGArMVrlbEGbxgCjA1MuzIJk-3

www.mojohaus.org/exec-maven-plugin/