RLSA-2022:4798

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2022:4798.json

Related

CVE-2022-29599

Published

2022-05-30T11:39:15Z

Modified

2023-02-02T13:43:37.684681Z

Summary

Important: maven:3.5 security update

Details

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.

Security Fix(es):

maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

Rocky Linux:8 / aopalliance

Package

Name: aopalliance

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-17.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / aopalliance

Package

Name: aopalliance

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-17.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / aopalliance

Package

Name: aopalliance

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-17.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / apache-commons-cli

Package

Name: apache-commons-cli

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4-4.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / apache-commons-cli

Package

Name: apache-commons-cli

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4-4.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / apache-commons-cli

Package

Name: apache-commons-cli

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4-4.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / apache-commons-codec

Package

Name: apache-commons-codec

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.11-3.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / apache-commons-codec

Package

Name: apache-commons-codec

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.11-3.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / apache-commons-codec

Package

Name: apache-commons-codec

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.11-3.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / apache-commons-io

Package

Name: apache-commons-io

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:2.6-3.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / apache-commons-io

Package

Name: apache-commons-io

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:2.6-3.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / apache-commons-io

Package

Name: apache-commons-io

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:2.6-3.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / apache-commons-lang3

Package

Name: apache-commons-lang3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.7-3.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / apache-commons-lang3

Package

Name: apache-commons-lang3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.7-3.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / apache-commons-lang3

Package

Name: apache-commons-lang3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.7-3.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / apache-commons-logging

Package

Name: apache-commons-logging

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.2-13.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / apache-commons-logging

Package

Name: apache-commons-logging

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.2-13.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / atinject

Package

Name: atinject

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1-28.20100611svn86.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / atinject

Package

Name: atinject

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1-28.20100611svn86.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / atinject

Package

Name: atinject

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1-28.20100611svn86.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / cdi-api

Package

Name: cdi-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.2-8.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / cdi-api

Package

Name: cdi-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.2-8.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / cdi-api

Package

Name: cdi-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.2-8.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / geronimo-annotation

Package

Name: geronimo-annotation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-23.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / geronimo-annotation

Package

Name: geronimo-annotation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-23.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / geronimo-annotation

Package

Name: geronimo-annotation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-23.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / glassfish-el

Package

Name: glassfish-el

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.0.1-0.7.b08.module+el8.6.0+975+c0ed2db8

Rocky Linux:8 / glassfish-el

Package

Name: glassfish-el

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.0.1-0.7.b08.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / glassfish-el

Package

Name: glassfish-el

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.0.1-0.7.b08.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / glassfish-el

Package

Name: glassfish-el

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.0.1-0.7.b08.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / google-guice

Package

Name: google-guice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.1-11.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / google-guice

Package

Name: google-guice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.1-11.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / google-guice

Package

Name: google-guice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.1-11.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / guava20

Package

Name: guava20

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:20.0-8.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / guava20

Package

Name: guava20

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:20.0-8.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / hawtjni

Package

Name: hawtjni

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.16-2.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / hawtjni

Package

Name: hawtjni

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.16-2.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / httpcomponents-client

Package

Name: httpcomponents-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.5.5-4.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / httpcomponents-client

Package

Name: httpcomponents-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.5.5-4.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / httpcomponents-client

Package

Name: httpcomponents-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.5.5-5.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / httpcomponents-core

Package

Name: httpcomponents-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.4.10-3.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / httpcomponents-core

Package

Name: httpcomponents-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.4.10-3.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / httpcomponents-core

Package

Name: httpcomponents-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.4.10-3.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / jansi

Package

Name: jansi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.17.1-1.module+el8.3.0+241+f23502a8

Rocky Linux:8 / jansi

Package

Name: jansi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.17.1-1.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / jansi

Package

Name: jansi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.17.1-1.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / jansi-native

Package

Name: jansi-native

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7-7.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / jansi-native

Package

Name: jansi-native

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7-7.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / jboss-interceptors-1.2-api

Package

Name: jboss-interceptors-1.2-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0.0-8.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / jboss-interceptors-1.2-api

Package

Name: jboss-interceptors-1.2-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0.0-8.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / jsoup

Package

Name: jsoup

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.11.3-3.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / jsoup

Package

Name: jsoup

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.11.3-3.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / jsoup

Package

Name: jsoup

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.11.3-3.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / maven

Package

Name: maven

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:3.5.4-5.module+el8.6.0+975+c0ed2db8

Rocky Linux:8 / maven

Package

Name: maven

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:3.5.4-5.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / maven

Package

Name: maven

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:3.5.4-5.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / maven

Package

Name: maven

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:3.5.4-5.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / maven-resolver

Package

Name: maven-resolver

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:1.1.1-2.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / maven-resolver

Package

Name: maven-resolver

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:1.1.1-2.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / maven-resolver

Package

Name: maven-resolver

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:1.1.1-2.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / maven-wagon

Package

Name: maven-wagon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.1.0-1.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / maven-wagon

Package

Name: maven-wagon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.1.0-1.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / maven-wagon

Package

Name: maven-wagon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.1.0-1.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / maven-shared-utils

Package

Name: maven-shared-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.2.1-0.2.module+el8.6.0+975+c0ed2db8

Rocky Linux:8 / plexus-cipher

Package

Name: plexus-cipher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7-14.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / plexus-cipher

Package

Name: plexus-cipher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7-14.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / plexus-cipher

Package

Name: plexus-cipher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7-14.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / plexus-classworlds

Package

Name: plexus-classworlds

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.5.2-9.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / plexus-classworlds

Package

Name: plexus-classworlds

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.5.2-9.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / plexus-classworlds

Package

Name: plexus-classworlds

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.5.2-9.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / plexus-containers

Package

Name: plexus-containers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.1-8.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / plexus-containers

Package

Name: plexus-containers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.1-8.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / plexus-containers

Package

Name: plexus-containers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.1-8.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / plexus-interpolation

Package

Name: plexus-interpolation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.22-9.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / plexus-interpolation

Package

Name: plexus-interpolation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.22-9.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / plexus-interpolation

Package

Name: plexus-interpolation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.22-9.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / plexus-sec-dispatcher

Package

Name: plexus-sec-dispatcher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4-26.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / plexus-sec-dispatcher

Package

Name: plexus-sec-dispatcher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4-26.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / plexus-sec-dispatcher

Package

Name: plexus-sec-dispatcher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4-26.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / plexus-utils

Package

Name: plexus-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.1.0-3.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / plexus-utils

Package

Name: plexus-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.1.0-3.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / plexus-utils

Package

Name: plexus-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.1.0-3.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / sisu

Package

Name: sisu

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:0.3.3-6.module+el8.6.0+843+5a13dac3

Rocky Linux:8 / sisu

Package

Name: sisu

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:0.3.3-6.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / sisu

Package

Name: sisu

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:0.3.3-6.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / slf4j

Package

Name: slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.25-4.module+el8.5.0+697+f586bb30

Rocky Linux:8 / slf4j

Package

Name: slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.25-4.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / slf4j

Package

Name: slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.25-4.module+el8.3.0+133+b8b54b58