Lucene search

UbuntuUSN-6730-1

HistoryApr 11, 2024 - 12:00 a.m.

Apache Maven Shared Utils vulnerability

2024-04-1100:00:00

ubuntu.com

apache maven shared utils

ubuntu 22.04 lts

ubuntu 20.04 lts

ubuntu 18.04 esm

ubuntu 16.04 esm

ubuntu 14.04 esm

maven-shared-utils

shell injection attacks

arbitrary code

unix

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.025

Percentile

90.2%

JSON

Releases

Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Packages

maven-shared-utils - A collection of Maven utility classes.

Details

It was discovered that Apache Maven Shared Utils did not handle double-quoted
strings properly, allowing shell injection attacks. This could allow an
attacker to run arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchlibmaven-shared-utils-java< 3.3.0-1ubuntu0.22.04.1UNKNOWN
Ubuntu22.04noarchlibmaven-shared-utils-java-doc< 3.3.0-1ubuntu0.22.04.1UNKNOWN
Ubuntu20.04noarchlibmaven-shared-utils-java< 3.3.0-1ubuntu0.20.04.1UNKNOWN
Ubuntu20.04noarchlibmaven-shared-utils-java-doc< 3.3.0-1ubuntu0.20.04.1UNKNOWN
Ubuntu18.04noarchlibmaven-shared-utils-java< 3.3.0-1ubuntu0.18.04.1~esm1UNKNOWN
Ubuntu18.04noarchlibmaven-shared-utils-java< 3.3.0-1~18.04UNKNOWN
Ubuntu18.04noarchlibmaven-shared-utils-java-doc< 3.3.0-1~18.04UNKNOWN
Ubuntu16.04noarchlibmaven-shared-utils-java< 0.9-1ubuntu0.1~esm1UNKNOWN
Ubuntu16.04noarchlibmaven-shared-utils-java< 0.9-1UNKNOWN
Ubuntu16.04noarchlibmaven-shared-utils-java-doc< 0.9-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	22.04	noarch	libmaven-shared-utils-java	< 3.3.0-1ubuntu0.22.04.1	UNKNOWN
Ubuntu	22.04	noarch	libmaven-shared-utils-java-doc	< 3.3.0-1ubuntu0.22.04.1	UNKNOWN
Ubuntu	20.04	noarch	libmaven-shared-utils-java	< 3.3.0-1ubuntu0.20.04.1	UNKNOWN
Ubuntu	20.04	noarch	libmaven-shared-utils-java-doc	< 3.3.0-1ubuntu0.20.04.1	UNKNOWN
Ubuntu	18.04	noarch	libmaven-shared-utils-java	< 3.3.0-1ubuntu0.18.04.1~esm1	UNKNOWN
Ubuntu	18.04	noarch	libmaven-shared-utils-java	< 3.3.0-1~18.04	UNKNOWN
Ubuntu	18.04	noarch	libmaven-shared-utils-java-doc	< 3.3.0-1~18.04	UNKNOWN
Ubuntu	16.04	noarch	libmaven-shared-utils-java	< 0.9-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	16.04	noarch	libmaven-shared-utils-java	< 0.9-1	UNKNOWN
Ubuntu	16.04	noarch	libmaven-shared-utils-java-doc	< 0.9-1	UNKNOWN