Lucene search

PRIOn knowledge basePRION:CVE-2022-29599

HistoryMay 23, 2022 - 11:16 a.m.

Design/Logic Flaw

2022-05-2311:16:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.3%

JSON

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CPENameOperatorVersion
maven_shared_utilslt3.3.3
debian_linuxeq10.0
debian_linuxeq11.0

Name	Operator	Version
maven_shared_utils	lt	3.3.3
debian_linux	eq	10.0
debian_linux	eq	11.0

References

www.openwall.com/lists/oss-security/2022/05/23/3

github.com/apache/maven-shared-utils/pull/40

issues.apache.org/jira/browse/MSHARED-297

lists.debian.org/debian-lts-announce/2022/08/msg00018.html

www.debian.org/security/2022/dsa-5242