maven:3.6 security and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

[SECURITY] Fedora 34 Update: maven-shared-utils-3.2.1-0.9.fc34

This project aims to be a functional replacement for plexus-utils in Maven. It is not a 100% API compatible replacement though but a replacement with improvements: lots of methods got cleaned up, generics got added and we dropp ed a lot of unused code...

3.6 bug fix and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

JFrog < 7.11.1 Multiple Vulnerabilities

According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.11.1. It is, therefore, affected by multiple vulnerabilities: - A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This...

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Plexus-utils (CVE-2017-1000487)

Summary Plexus-utils could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input. By sending contents with double quoted strings, an attacker could exploit this vulnerability to execute arbitrary commands on the system...

Debian DSA-4146-1 : plexus-utils - security update

Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands. C Tenable Network Security, Inc. The descriptive text and package checks in this...

[SECURITY] [DSA 4146-1] plexus-utils security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4146-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2018 https://www.debian.org/security/faq -...

Debian: Security Advisory (DSA-4146-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-1236-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1236-1 : plexus-utils security update

Charles Duffy discovered that the Commandline class in plexus-utils, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject arbitrary shell commands. For Debian 7 'Wheezy', these problems have been...

[SECURITY] [DLA 1236-1] plexus-utils security update

Package : plexus-utils Version : 1:1.5.15-4+deb7u1 CVE ID : CVE-2017-1000487 Charles Duffy discovered that the Commandline class in plexus-utils, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to injec...

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

DEBIAN-CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVE-2017-1000487

Plexus-utils (component: Plexus-utils library) is vulnerable prior to version 3.0.16 due to improper handling of contents inside double-quoted strings, enabling potential command injection. Affected product references indicate compatibility and remediation paths, with fixes available in 3.0.16 or...

Command Line Shell Injection

plexus-utils is vulnerable to command line shell injection. The library does not correctly quote the contents of double-quoted strings, allowing a malicious user to inject and execute arbitrary shell code...