3 matches found
aero.albers.osmbse:mdzip-process-sources-maven-plugin (=0.0.1), aero.albers.osmbse:mdzip-validate-maven-plugin (=0.0.1) +4584 more potentially affected by CVE-2022-29599 via org.apache.maven.shared:maven-shared-utils (>=0.1 <=3.2.1)
org.apache.maven.shared:maven-shared-utils MAVEN version =0.1, =1.0.0, =2.0.2.RELEASE, =2.0.0.RELEASE, =1.0.0, =1.0.0, =4.1.0, =4.0.0, =3.5.6, =3.5.6, =1.0, =3.3 - au.net.causal.maven.plugins:browserbox-maven-plugin =1.0 and more Source cves: CVE-2022-29599 Source advisory: OSV:GHSA-RHGR-952R-6P8...
CVE-2022-29599
creationtimestamp| type| source ---|---|--- 2022-05-23 14:36:02+00:00| seen| https://t.me/cibsecurity/43155...
UBUNTU-CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...