9 matches found
PT-2026-24611
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model pom which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...
Linux Distros Unpatched Vulnerability : CVE-2021-26291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Maven will follow repositories that are defined in a dependency's Project Object Model pom which may be surprising to some users, resulting in potential...
[SECURITY] Fedora 40 Update: jboss-parent-20-21.fc40
The Project Object Model files for JBoss packages...
[SECURITY] Fedora 40 Update: apache-commons-parent-66-3.fc40
The Project Object Model files for the apache-commons packages...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Apache Maven vulnerability (USN-5245-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5245-1 advisory. It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model pom even if...
USN-5805-1: Apache Maven vulnerability
It was discovered that Apache Maven followed repositories that are defined in a dependency’s Project Object Model pom even if the repositories weren't encrypted http protocol. An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service...
USN-5245-1: Apache Maven vulnerability
It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model pom even if the repositories weren't encrypted http protocol. An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service...
maven: Block repositories using http by default
A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model pom, which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that...
PT-2021-7897
Name of the Vulnerable Software and Affected Versions Apache Maven versions prior to 3.8.1 Description The issue is related to shortcomings in the mechanism of confirming the source of data in the Apache Maven framework. Exploitation of this issue may allow a remote attacker to gain unauthorized...