CVE-2022-29599

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29599

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29599.json

Aliases

GHSA-rhgr-952r-6p8q

Related

Published

2022-05-23T11:16:10Z

Modified

2023-11-29T09:38:56.919274Z

Details

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

References

Affected packages

Git / github.com/apache/maven-shared-utils

Affected ranges

Type: GIT
Repo: https://github.com/apache/maven-shared-utils
Events: Introduced

0The exact introduced commit is unknown

Fixed

cc010396156386d95e2acbc28f7aba32590243a2

Affected versions

maven-shared-utils-0.*

maven-shared-utils-0.1

maven-shared-utils-0.2

maven-shared-utils-0.3

maven-shared-utils-0.4

maven-shared-utils-0.5

maven-shared-utils-0.6

maven-shared-utils-0.7

maven-shared-utils-0.8

maven-shared-utils-0.9

maven-shared-utils-3.*

maven-shared-utils-3.0.0

maven-shared-utils-3.0.1

maven-shared-utils-3.1.0

maven-shared-utils-3.2.0

maven-shared-utils-3.2.1

maven-shared-utils-3.3.0

maven-shared-utils-3.3.1

maven-shared-utils-3.3.2