maven-shared-utils: Command injection via Commandline class

A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...

[SECURITY] [DSA 4149-1] plexus-utils2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4149-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 22, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4146-1] plexus-utils security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4146-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2018 https://www.debian.org/security/faq -...

Debian DLA-1236-1 : plexus-utils security update

Charles Duffy discovered that the Commandline class in plexus-utils, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject arbitrary shell commands. For Debian 7 'Wheezy', these problems have been...