104 matches found
Unity Linux 20.1070e Security Update: maven (UTSA-2026-017745)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017745 advisory. Apache Maven will follow repositories that are defined in a dependency's Project Object Model (pom) which may be surprising to some users, resulting in potential risk i...
This Week in Spring - April 14th, 2026
Hi, Spring fans! ¡Hola from Barcelona, Spain! I'm at the amazing Spring I/O event, hanging out with some of the amazing Spring ecosystem developers! Life is amazing here in the warm sun of springtime. There's a lot to look at this week, so let's dive right into it! Another nice tutorial on how to...
EUVD-2013-0284
Malware in sbrugna...
EUVD-2022-5176
Malicious code in bioql PyPI...
Critical Photon OS Security Update - PHSA-2025-4.0-0850
Updates of 'apache-maven' packages of Photon OS have been released...
Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics - NPS
Summary Vulnerabilities exist in IBM Netezza Analytics - NPS are addressed in 11.2.29 Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper system resource allocation. By sending a specially crafted request using an overly large...
TencentOS Server 3: maven:3.6 (TSSA-2022:0160)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0160 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to security restriction bypass due to the Apache Maven package (CVE-2021-26291)
Summary Apache Maven is used by DataStage on Cloud Pak for Data as part of build management. Vulnerability Details CVEID:CVE-2021-26291 DESCRIPTION: Apache Maven could allow a remote attacker to bypass security restrictions, caused by the use of http non-SSL repository references by default. By...
Linux Distros Unpatched Vulnerability : CVE-2021-26291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Maven will follow repositories that are defined in a dependency's Project Object Model pom which may be surprising to some users, resulting in potential...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Maven (CVE-2021-26291)
Summary A vulnerability in Apache Maven that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-26291 DESCRIPTION: Apache Maven could allow a remote attacker to bypass security restrictions, caused by the use of http non-SSL repository references by...
Security Bulletin: Vulnerabilities in Maven affect IBM watsonx.data
Summary Apache Maven could allow a remote attacker to either bypass security restrictions or to execute arbitrary commands on the system. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2021-26291 DESCRIPTION: Apache Maven could allow a remote attacker to bypass security...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Maven (CVE-2021-26291)
Summary UPDATE 21 AUGUST 2024: This fix has been updated. Please download and install the fix dated 21 August 2024. The IBM Integration Bus for z/OS toolkit is vulnerable to a remote attack due to Apache Maven. This bulletin identifies the steps to take to address the vulnerability. Vulnerability...
This Week in Spring - June 25th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in Par...
This Week in Spring - June 18th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I...
ROS-20240514-02
A vulnerability in the Apache Maven framework is related to a flaw in the data source validation mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...
ROS-20240503-19
A vulnerability in the Apache Maven framework is related to the generation of double-quoted strings without proper escaping. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a shell-based attack...
ROS-20240503-18
A vulnerability in the Apache Maven framework is related to the generation of double-quoted strings without proper escaping. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a shell-based attack. A vulnerability in the Apache Maven framework is...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5 Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitra...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Maven Shared Utils vulnerability (USN-6730-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6730-1 advisory. It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell...
USN-6730-1: Apache Maven Shared Utils vulnerability
It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code...