RHSA-2022:4699: Red Hat Security Advisory: maven:3.5 security update

An update for the maven:3.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-29599: maven-shared-utils: Command injection via Commandline class
Red Hat Security Data

Synopsis

Important: maven:3.5 security update

Type/Severity

Security Advisory: Important

Topic

An update for the maven:3.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.

Security Fix(es):

  • maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2066479 - CVE-2022-29599 maven-shared-utils: Command injection via Commandline class

Related news

Ubuntu Security Notice USN-6730-1

Ubuntu Security Notice 6730-1 - It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code.

Red Hat Security Advisory 2024-0778-03

Red Hat Security Advisory 2024-0778-03 - An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, improper authorization, information leakage, insecure permissions, and open redirection vulnerabilities.

Red Hat Security Advisory 2024-0775-03

Red Hat Security Advisory 2024-0775-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Issues addressed include bypass, code execution, cross site scripting, deserialization, information leakage, and insecure permissions vulnerabilities.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Red Hat Security Advisory 2023-3622-01

Red Hat Security Advisory 2023-3622-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, denial of service, information leakage, insecure permissions, and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2023-3610-01

Red Hat Security Advisory 2023-3610-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, memory exhaustion, and resource exhaustion vulnerabilities.

RHSA-2023:3610: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2022-29599: A flaw was found in the maven-shared-utils package. This issue allows a Command...

Red Hat Security Advisory 2023-3198-01

Red Hat Security Advisory 2023-3198-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, deserialization, information leakage, and insecure permissions vulnerabilities.

RHSA-2023:3198: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26291: A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that r...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Red Hat Security Advisory 2023-0573-01

Red Hat Security Advisory 2023-0573-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.55. Issues addressed include a code execution vulnerability.

RHSA-2023:0573: Red Hat Security Advisory: OpenShift Container Platform 4.9.55 security update

Red Hat OpenShift Container Platform release 4.9.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29599: A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.

Red Hat Security Advisory 2022-9098-01

Red Hat Security Advisory 2022-9098-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.46. Issues addressed include a code execution vulnerability.

RHSA-2022:9098: Red Hat Security Advisory: OpenShift Container Platform 4.10.46 packages and security update

Red Hat OpenShift Container Platform release 4.10.46 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29599: maven-shared-utils: Command injection via Commandline class

Red Hat Security Advisory 2022-2281-01

Red Hat Security Advisory 2022-2281-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.705.

Red Hat Security Advisory 2022-4798-01

Red Hat Security Advisory 2022-4798-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-4797-01

Red Hat Security Advisory 2022-4797-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.

RHSA-2022:2281: Red Hat Security Advisory: OpenShift Container Platform 3.11.705 security update

Red Hat OpenShift Container Platform release 3.11.705 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1677: openshift/router: route hijacking attack via crafted HAProxy configuration file

RHSA-2022:4798: Red Hat Security Advisory: maven:3.5 security update

An update for the maven:3.5 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Extended Update Support, and Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29599: maven-shared-utils: Command injection via Commandline class

RHSA-2022:4797: Red Hat Security Advisory: maven:3.6 security update

An update for the maven:3.6 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Extended Update Support, and Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29599: maven-shared-utils: Command injection via Commandline class

Red Hat Security Advisory 2022-4699-01

Red Hat Security Advisory 2022-4699-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.

CVE-2022-29599: [MSHARED-297] Unconditionally single quote executable and arguments by roxspring · Pull Request #40 · apache/maven-shared-utils

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.