Critical severityNVD Advisory· Published May 23, 2022· Updated Aug 3, 2024
Commandline class shell injection vulnerabilities
CVE-2022-29599
Description
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.maven.shared:maven-shared-utilsMaven | < 3.3.3 | 3.3.3 |
Affected products
52- ghsa-coords51 versionspkg:maven/org.apache.maven.shared/maven-shared-utilspkg:rpm/almalinux/aopalliancepkg:rpm/almalinux/apache-commons-clipkg:rpm/almalinux/apache-commons-codecpkg:rpm/almalinux/apache-commons-iopkg:rpm/almalinux/apache-commons-lang3pkg:rpm/almalinux/apache-commons-loggingpkg:rpm/almalinux/atinjectpkg:rpm/almalinux/cdi-apipkg:rpm/almalinux/geronimo-annotationpkg:rpm/almalinux/glassfish-el-apipkg:rpm/almalinux/google-guicepkg:rpm/almalinux/guavapkg:rpm/almalinux/guava20pkg:rpm/almalinux/hawtjni-runtimepkg:rpm/almalinux/httpcomponents-clientpkg:rpm/almalinux/httpcomponents-corepkg:rpm/almalinux/jansipkg:rpm/almalinux/jansi-nativepkg:rpm/almalinux/jboss-interceptors-1.2-apipkg:rpm/almalinux/jcl-over-slf4jpkg:rpm/almalinux/jsouppkg:rpm/almalinux/jsr-305pkg:rpm/almalinux/mavenpkg:rpm/almalinux/maven-libpkg:rpm/almalinux/maven-openjdk11pkg:rpm/almalinux/maven-openjdk17pkg:rpm/almalinux/maven-openjdk8pkg:rpm/almalinux/maven-resolverpkg:rpm/almalinux/maven-resolver-apipkg:rpm/almalinux/maven-resolver-connector-basicpkg:rpm/almalinux/maven-resolver-implpkg:rpm/almalinux/maven-resolver-spipkg:rpm/almalinux/maven-resolver-transport-wagonpkg:rpm/almalinux/maven-resolver-utilpkg:rpm/almalinux/maven-shared-utilspkg:rpm/almalinux/maven-wagonpkg:rpm/almalinux/maven-wagon-filepkg:rpm/almalinux/maven-wagon-httppkg:rpm/almalinux/maven-wagon-http-sharedpkg:rpm/almalinux/maven-wagon-provider-apipkg:rpm/almalinux/plexus-cipherpkg:rpm/almalinux/plexus-classworldspkg:rpm/almalinux/plexus-containers-component-annotationspkg:rpm/almalinux/plexus-interpolationpkg:rpm/almalinux/plexus-sec-dispatcherpkg:rpm/almalinux/plexus-utilspkg:rpm/almalinux/sisupkg:rpm/almalinux/sisu-injectpkg:rpm/almalinux/sisu-plexuspkg:rpm/almalinux/slf4j
< 3.3.3+ 50 more
- (no CPE)range: < 3.3.3
- (no CPE)range: < 1.0-20.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1.4-7.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1.13-3.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1:2.6-6.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 3.9-4.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1.2-13.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1-31.20100611svn86.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 2.0.1-3.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1.0-26.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 3.0.1-0.7.b08.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 4.2.2-4.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 28.1-3.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 20.0-8.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1.16-2.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 4.5.10-4.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 4.4.12-3.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1.18-4.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1.7-7.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1.0.0-8.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1.7.28-3.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1.12.1-3.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 0-0.25.20130910svn.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1:3.6.2-7.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1:3.6.2-7.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1:3.6.2-7.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1:3.6.2-7.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1:3.6.2-7.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1.4.1-3.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1:1.1.1-2.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1:1.1.1-2.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1:1.1.1-2.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1:1.1.1-2.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1:1.1.1-2.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1:1.1.1-2.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 3.2.1-0.5.module_el8.6.0+2903+d6ca2362
- (no CPE)range: < 3.3.4-2.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 3.1.0-1.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 3.1.0-1.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 3.1.0-1.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 3.1.0-1.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1.7-17.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 2.6.0-4.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 2.1.0-2.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1.26-3.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1.4-29.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 3.3.0-3.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 0.3.4-2.module_el8.6.0+2786+d7c38b21
- (no CPE)range: < 1:0.3.3-6.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1:0.3.3-6.module_el8.6.0+2752+f1f3449e
- (no CPE)range: < 1.7.28-3.module_el8.6.0+2786+d7c38b21
- Apache Software Foundation/Apache Mavenv5Range: maven-shared-utils
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-rhgr-952r-6p8qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-29599ghsaADVISORY
- www.debian.org/security/2022/dsa-5242ghsavendor-advisoryx_refsource_DEBIANWEB
- www.openwall.com/lists/oss-security/2022/05/23/3ghsamailing-listx_refsource_MLISTWEB
- github.com/apache/maven-shared-utils/pull/40ghsax_refsource_MISCWEB
- issues.apache.org/jira/browse/MSHARED-297ghsax_refsource_MISCWEB
- lists.debian.org/debian-lts-announce/2022/08/msg00018.htmlghsamailing-listx_refsource_MLISTWEB
News mentions
0No linked articles in our index yet.