rpm package
almalinux/maven-openjdk17
pkg:rpm/almalinux/maven-openjdk17
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-29599 | — | < 1:3.6.2-7.module_el8.6.0+2786+d7c38b21 | 1:3.6.2-7.module_el8.6.0+2786+d7c38b21 | May 23, 2022 | In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | ||
| CVE-2020-13956 | — | < 1:3.6.2-7.module_el8.6.0+2786+d7c38b21 | 1:3.6.2-7.module_el8.6.0+2786+d7c38b21 | Dec 2, 2020 | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. |
- CVE-2022-29599May 23, 2022affected < 1:3.6.2-7.module_el8.6.0+2786+d7c38b21fixed 1:3.6.2-7.module_el8.6.0+2786+d7c38b21
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
- CVE-2020-13956Dec 2, 2020affected < 1:3.6.2-7.module_el8.6.0+2786+d7c38b21fixed 1:3.6.2-7.module_el8.6.0+2786+d7c38b21
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.