Uploaded image for project: 'Maven Shared Components'
  1. Maven Shared Components
  2. MSHARED-959

Upgrade Maven Shared Utils to 3.3.3

    XMLWordPrintableJSON

Details

    Description

      Affected versions of this package are vulnerable to Command Injection. The Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. The BourneShell class should unconditionally single-quote emitted strings (including the name of the command itself being quoted), with {{'"'"'}} used for embedded single quotes, for maximum safety across shells implementing a superset of POSIX quoting rules.

      This is a similar issue to SNYK-JAVA-ORGCODEHAUSPLEXUS-31522

      Attachments

        Activity

          People

            slachiewicz Sylwester Lachiewicz
            slachiewicz Sylwester Lachiewicz
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: