RLSA-2022:4797

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2022:4797.json

Related

CVE-2022-29599

Published

2022-05-30T11:39:17Z

Modified

2023-02-02T13:43:48.524676Z

Summary

Important: maven:3.6 security update

Details

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.

Security Fix(es):

maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

Rocky Linux:8 / aopalliance

Package

Name: aopalliance

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-20.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / aopalliance

Package

Name: aopalliance

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-20.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / apache-commons-cli

Package

Name: apache-commons-cli

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4-7.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / apache-commons-cli

Package

Name: apache-commons-cli

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4-7.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / apache-commons-codec

Package

Name: apache-commons-codec

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.13-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / apache-commons-codec

Package

Name: apache-commons-codec

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.13-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / apache-commons-io

Package

Name: apache-commons-io

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:2.6-6.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / apache-commons-io

Package

Name: apache-commons-io

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:2.6-6.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / apache-commons-lang3

Package

Name: apache-commons-lang3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.9-4.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / apache-commons-lang3

Package

Name: apache-commons-lang3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.9-4.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / atinject

Package

Name: atinject

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1-31.20100611svn86.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / atinject

Package

Name: atinject

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1-31.20100611svn86.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / cdi-api

Package

Name: cdi-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.0.1-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / cdi-api

Package

Name: cdi-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.0.1-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / geronimo-annotation

Package

Name: geronimo-annotation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-26.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / geronimo-annotation

Package

Name: geronimo-annotation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-26.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / google-guice

Package

Name: google-guice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.2.2-4.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / google-guice

Package

Name: google-guice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.2.2-4.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / guava

Package

Name: guava

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:28.1-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / guava

Package

Name: guava

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:28.1-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / httpcomponents-client

Package

Name: httpcomponents-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.5.10-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / httpcomponents-client

Package

Name: httpcomponents-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.5.10-4.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / httpcomponents-core

Package

Name: httpcomponents-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.4.12-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / httpcomponents-core

Package

Name: httpcomponents-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.4.12-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / jansi

Package

Name: jansi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.18-4.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / jansi

Package

Name: jansi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.18-4.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / jsoup

Package

Name: jsoup

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.12.1-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / jsoup

Package

Name: jsoup

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.12.1-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / jsr-305

Package

Name: jsr-305

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0-0.25.20130910svn.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / jsr-305

Package

Name: jsr-305

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0-0.25.20130910svn.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / maven

Package

Name: maven

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:3.6.2-6.module+el8.4.0+648+3fecd521

Rocky Linux:8 / maven

Package

Name: maven

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:3.6.2-7.module+el8.6.0+976+839b99e9

Rocky Linux:8 / maven

Package

Name: maven

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:3.6.2-7.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / maven-resolver

Package

Name: maven-resolver

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4.1-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / maven-resolver

Package

Name: maven-resolver

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4.1-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / maven-shared-utils

Package

Name: maven-shared-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.2.1-0.5.module+el8.6.0+976+839b99e9

Rocky Linux:8 / maven-wagon

Package

Name: maven-wagon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.3.4-2.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / maven-wagon

Package

Name: maven-wagon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.3.4-2.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-cipher

Package

Name: plexus-cipher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7-17.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-cipher

Package

Name: plexus-cipher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7-17.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-classworlds

Package

Name: plexus-classworlds

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.6.0-4.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-classworlds

Package

Name: plexus-classworlds

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.6.0-4.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-containers

Package

Name: plexus-containers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.1.0-2.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-containers

Package

Name: plexus-containers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.1.0-2.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-interpolation

Package

Name: plexus-interpolation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.26-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-interpolation

Package

Name: plexus-interpolation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.26-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-sec-dispatcher

Package

Name: plexus-sec-dispatcher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4-29.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-sec-dispatcher

Package

Name: plexus-sec-dispatcher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4-29.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-utils

Package

Name: plexus-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.3.0-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-utils

Package

Name: plexus-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.3.0-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / sisu

Package

Name: sisu

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.3.4-2.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / sisu

Package

Name: sisu

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.3.4-2.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / slf4j

Package

Name: slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.28-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / slf4j

Package

Name: slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.28-3.module+el8.3.0+134+f7791fe0