RHSA-2022:1860
Source
https://access.redhat.com/errata/RHSA-2022:1860
Import Source
https://security.access.redhat.com/data/osv/RHSA-2022:1860.json
JSON Data
https://api.osv.dev/v1/vulns/RHSA-2022:1860
Related
CVE-2020-13956
Published
2024-10-01T18:20:25Z
Modified
2024-11-22T23:42:32Z
Severity
5.3 (Medium)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Red Hat Security Advisory: maven:3.6 security and enhancement update
Details
References
https://access.redhat.com/errata/RHSA-2022:1860
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
https://bugzilla.redhat.com/show_bug.cgi?id=1886587
https://bugzilla.redhat.com/show_bug.cgi?id=1991521
https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1860.json
https://access.redhat.com/security/cve/CVE-2020-13956
https://www.cve.org/CVERecord?id=CVE-2020-13956
https://nvd.nist.gov/vuln/detail/CVE-2020-13956
https://www.openwall.com/lists/oss-security/2020/10/08/4
Affected packages
Red Hat:enterprise_linux:8::appstream
/
aopalliance
Package
Name
aopalliance
Purl
pkg:rpm/redhat/aopalliance
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.0-20.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
apache-commons-cli
Package
Name
apache-commons-cli
Purl
pkg:rpm/redhat/apache-commons-cli
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.4-7.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
apache-commons-codec
Package
Name
apache-commons-codec
Purl
pkg:rpm/redhat/apache-commons-codec
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.13-3.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
apache-commons-io
Package
Name
apache-commons-io
Purl
pkg:rpm/redhat/apache-commons-io
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:2.6-6.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
apache-commons-lang3
Package
Name
apache-commons-lang3
Purl
pkg:rpm/redhat/apache-commons-lang3
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.9-4.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
atinject
Package
Name
atinject
Purl
pkg:rpm/redhat/atinject
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
cdi-api
Package
Name
cdi-api
Purl
pkg:rpm/redhat/cdi-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.1-3.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
geronimo-annotation
Package
Name
geronimo-annotation
Purl
pkg:rpm/redhat/geronimo-annotation
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.0-26.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
google-guice
Package
Name
google-guice
Purl
pkg:rpm/redhat/google-guice
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.2.2-4.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
guava
Package
Name
guava
Purl
pkg:rpm/redhat/guava
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:28.1-3.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
httpcomponents-client
Package
Name
httpcomponents-client
Purl
pkg:rpm/redhat/httpcomponents-client
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.5.10-4.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
httpcomponents-core
Package
Name
httpcomponents-core
Purl
pkg:rpm/redhat/httpcomponents-core
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.4.12-3.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
jansi
Package
Name
jansi
Purl
pkg:rpm/redhat/jansi
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.18-4.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
jcl-over-slf4j
Package
Name
jcl-over-slf4j
Purl
pkg:rpm/redhat/jcl-over-slf4j
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7.28-3.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
jsoup
Package
Name
jsoup
Purl
pkg:rpm/redhat/jsoup
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.12.1-3.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
jsr-305
Package
Name
jsr-305
Purl
pkg:rpm/redhat/jsr-305
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
maven
Package
Name
maven
Purl
pkg:rpm/redhat/maven
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.6.2-7.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
maven-lib
Package
Name
maven-lib
Purl
pkg:rpm/redhat/maven-lib
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.6.2-7.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
maven-openjdk11
Package
Name
maven-openjdk11
Purl
pkg:rpm/redhat/maven-openjdk11
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.6.2-7.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
maven-openjdk17
Package
Name
maven-openjdk17
Purl
pkg:rpm/redhat/maven-openjdk17
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.6.2-7.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
maven-openjdk8
Package
Name
maven-openjdk8
Purl
pkg:rpm/redhat/maven-openjdk8
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.6.2-7.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
maven-resolver
Package
Name
maven-resolver
Purl
pkg:rpm/redhat/maven-resolver
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.4.1-3.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
maven-shared-utils
Package
Name
maven-shared-utils
Purl
pkg:rpm/redhat/maven-shared-utils
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.2.1-0.4.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
maven-wagon
Package
Name
maven-wagon
Purl
pkg:rpm/redhat/maven-wagon
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.3.4-2.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
plexus-cipher
Package
Name
plexus-cipher
Purl
pkg:rpm/redhat/plexus-cipher
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7-17.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
plexus-classworlds
Package
Name
plexus-classworlds
Purl
pkg:rpm/redhat/plexus-classworlds
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.6.0-4.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
plexus-containers
Package
Name
plexus-containers
Purl
pkg:rpm/redhat/plexus-containers
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.1.0-2.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
plexus-containers-component-annotations
Package
Name
plexus-containers-component-annotations
Purl
pkg:rpm/redhat/plexus-containers-component-annotations
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.1.0-2.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
plexus-interpolation
Package
Name
plexus-interpolation
Purl
pkg:rpm/redhat/plexus-interpolation
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.26-3.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
plexus-sec-dispatcher
Package
Name
plexus-sec-dispatcher
Purl
pkg:rpm/redhat/plexus-sec-dispatcher
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.4-29.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
plexus-utils
Package
Name
plexus-utils
Purl
pkg:rpm/redhat/plexus-utils
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.3.0-3.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
sisu
Package
Name
sisu
Purl
pkg:rpm/redhat/sisu
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:0.3.4-2.module+el8.6.0+13337+afcb49ec
Red Hat:enterprise_linux:8::appstream
/
slf4j
Package
Name
slf4j
Purl
pkg:rpm/redhat/slf4j
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7.28-3.module+el8.6.0+13337+afcb49ec