Lucene search

UbuntuUSN-6730-1

HistoryApr 11, 2024 - 12:00 a.m.

Apache Maven Shared Utils vulnerability

2024-04-1100:00:00

ubuntu.com

apache maven shared utils

ubuntu 22.04 lts

ubuntu 20.04 lts

ubuntu 18.04 esm

ubuntu 16.04 esm

ubuntu 14.04 esm

maven-shared-utils

shell injection attacks

arbitrary code

unix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Releases

Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Packages

maven-shared-utils - A collection of Maven utility classes.

Details

It was discovered that Apache Maven Shared Utils did not handle double-quoted
strings properly, allowing shell injection attacks. This could allow an
attacker to run arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchlibmaven-shared-utils-java< 3.3.0-1ubuntu0.22.04.1UNKNOWN
Ubuntu22.04noarchlibmaven-shared-utils-java-doc< 3.3.0-1ubuntu0.22.04.1UNKNOWN
Ubuntu20.04noarchlibmaven-shared-utils-java< 3.3.0-1ubuntu0.20.04.1UNKNOWN
Ubuntu20.04noarchlibmaven-shared-utils-java-doc< 3.3.0-1ubuntu0.20.04.1UNKNOWN
Ubuntu18.04noarchlibmaven-shared-utils-java< 3.3.0-1ubuntu0.18.04.1~esm1UNKNOWN
Ubuntu18.04noarchlibmaven-shared-utils-java< 3.3.0-1~18.04UNKNOWN
Ubuntu18.04noarchlibmaven-shared-utils-java-doc< 3.3.0-1~18.04UNKNOWN
Ubuntu16.04noarchlibmaven-shared-utils-java< 0.9-1ubuntu0.1~esm1UNKNOWN
Ubuntu16.04noarchlibmaven-shared-utils-java< 0.9-1UNKNOWN
Ubuntu16.04noarchlibmaven-shared-utils-java-doc< 0.9-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	22.04	noarch	libmaven-shared-utils-java	< 3.3.0-1ubuntu0.22.04.1	UNKNOWN
Ubuntu	22.04	noarch	libmaven-shared-utils-java-doc	< 3.3.0-1ubuntu0.22.04.1	UNKNOWN
Ubuntu	20.04	noarch	libmaven-shared-utils-java	< 3.3.0-1ubuntu0.20.04.1	UNKNOWN
Ubuntu	20.04	noarch	libmaven-shared-utils-java-doc	< 3.3.0-1ubuntu0.20.04.1	UNKNOWN
Ubuntu	18.04	noarch	libmaven-shared-utils-java	< 3.3.0-1ubuntu0.18.04.1~esm1	UNKNOWN
Ubuntu	18.04	noarch	libmaven-shared-utils-java	< 3.3.0-1~18.04	UNKNOWN
Ubuntu	18.04	noarch	libmaven-shared-utils-java-doc	< 3.3.0-1~18.04	UNKNOWN
Ubuntu	16.04	noarch	libmaven-shared-utils-java	< 0.9-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	16.04	noarch	libmaven-shared-utils-java	< 0.9-1	UNKNOWN
Ubuntu	16.04	noarch	libmaven-shared-utils-java-doc	< 0.9-1	UNKNOWN