apache maven-shared-utils CVE-2022-29599 in Apache and Debian Products
Published on May 23, 2022

Commandline class shell injection vulnerabilities

product logo product logo
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

Vendor Advisory NVD

Weakness Type

What is an Output Sanitization Vulnerability?

The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

CVE-2022-29599 has been classified to as an Output Sanitization vulnerability or weakness.


Products Associated with CVE-2022-29599

stack.watch emails you whenever new vulnerabilities are published in Apache Maven Shared Utils or Debian Linux. Just hit a watch button to start following.

Apache Maven Shared Utils
 
Debian Linux
 

Affected Versions

Apache Software Foundation Apache Maven:

Exploit Probability

EPSS
0.26%
Percentile
49.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.