Lucene search
Veracode Vulnerability DatabaseVERACODE:35667HistoryMay 24, 2022 - 6:21 a.m.
OS Command Injection
2022-05-2406:21:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
0.025 Low
EPSS
Percentile
90.3%
maven-shared-utils is vulnerable to OS command injection. The vulnerability exists due to the use of double-quoted strings without proper escaping which allows an attacker to execute shell commands.
References
www.openwall.com/lists/oss-security/2022/05/23/3
github.com/advisories/GHSA-rhgr-952r-6p8q
github.com/apache/maven-shared-utils/commit/f751e614c09df8de1a080dc1153931f3f68991c9
github.com/apache/maven-shared-utils/pull/40
issues.apache.org/jira/browse/MSHARED-297
lists.debian.org/debian-lts-announce/2022/08/msg00018.html
www.debian.org/security/2022/dsa-5242
www.openwall.com/lists/oss-security/2022/05/23/3
Related
osv
osv
maven-shared-utils - security update
2022-06-26 00:00:00
Important: maven:3.5 security update
2022-05-30 11:39:15
Important: maven:3.6 security update
2022-05-30 11:39:17
github
github
Command injection in Apache Maven maven-shared-utils
2022-05-24 00:01:49
oraclelinux
oraclelinux
maven-shared-utils security update
2022-04-29 00:00:00
maven:3.5 security update
2022-06-01 00:00:00
maven:3.6 security update
2022-06-01 00:00:00
nessus
nessus
Debian DSA-5242-1 : maven-shared-utils - security update
2022-09-29 00:00:00
Amazon Linux 2023 : maven-shared-utils, maven-shared-utils-javadoc (ALAS2023-2023-077)
2023-03-21 00:00:00
RHEL 7 : rh-maven36-maven-shared-utils (RHSA-2022:1662)
2022-05-02 00:00:00
cve
cve
CVE-2022-29599
2022-05-23 11:16:10
openvas
openvas
Debian: Security Advisory (DLA-3059-1)
2022-06-30 00:00:00
Fedora: Security Advisory for maven-shared-utils (FEDORA-2022-5d6aaab56e)
2022-05-09 00:00:00
Debian: Security Advisory (DLA-3086-1)
2022-08-30 00:00:00
almalinux
almalinux
Important: maven:3.5 security update
2022-05-30 11:39:15
Important: maven:3.6 security update
2022-05-30 11:39:17
redhat
redhat
(RHSA-2022:1662) Important: rh-maven36-maven-shared-utils security update
2022-05-02 07:48:12
(RHSA-2022:1541) Important: maven-shared-utils security update
2022-04-26 09:54:25
cnvd
cnvd
Apache Maven Command Injection Vulnerability
2022-04-28 00:00:00
ubuntu
ubuntu
Apache Maven Shared Utils vulnerability
2024-04-11 00:00:00
f5
f5
K97399672 : Apache Maven vulnerability CVE-2022-29599
2022-06-02 00:00:00
ubuntucve
ubuntucve
CVE-2022-29599
2022-05-23 00:00:00
cvelist
cvelist
CVE-2022-29599 Commandline class shell injection vulnerabilities
2022-05-23 10:25:10
fedora
fedora
[SECURITY] Fedora 34 Update: maven-shared-utils-3.2.1-0.9.fc34
2022-05-08 02:04:08
prion
prion
Design/Logic Flaw
2022-05-23 11:16:00
debian
debian
[SECURITY] [DLA 3059-1] maven-shared-utils security update
2022-06-29 10:49:00
[SECURITY] [DSA 5242-1] maven-shared-utils security update
2022-09-28 13:04:18
[SECURITY] [DLA 3086-1] maven-shared-utils security update
2022-08-29 12:49:12
rocky
rocky
maven:3.5 security update
2022-05-30 11:39:15
maven:3.6 security update
2022-05-30 11:39:17
nvd
nvd
CVE-2022-29599
2022-05-23 11:16:10
redhatcve
redhatcve
CVE-2022-29599
2022-04-25 12:22:15
amazon
amazon
Critical: maven-shared-utils
2022-05-04 01:01:00
debiancve
debiancve
CVE-2022-29599
2022-05-23 11:16:10
qualysblog
qualysblog
Oracle Patch Tuesday April 2023 Security Update Review
2023-04-19 11:47:21
Oracle Patch Tuesday, October 2023 Security Update Review
2023-10-18 17:11:20
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00