ALSA-2022:4797

Source
https://errata.almalinux.org/8/ALSA-2022-4797.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4797.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2022:4797
Published
2022-05-30T11:39:17Z
Modified
2022-05-30T11:39:17Z
Summary
Important: maven:3.6 security update
Details

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.

Security Fix(es):

  • maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / aopalliance

Package

Name
aopalliance

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0-20.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / apache-commons-cli

Package

Name
apache-commons-cli

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4-7.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / apache-commons-codec

Package

Name
apache-commons-codec

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.13-3.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / apache-commons-io

Package

Name
apache-commons-io

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:2.6-6.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / apache-commons-lang3

Package

Name
apache-commons-lang3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.9-4.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / atinject

Package

Name
atinject

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-31.20100611svn86.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / cdi-api

Package

Name
cdi-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.1-3.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / geronimo-annotation

Package

Name
geronimo-annotation

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0-26.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / google-guice

Package

Name
google-guice

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.2.2-4.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / guava

Package

Name
guava

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
28.1-3.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / httpcomponents-client

Package

Name
httpcomponents-client

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.5.10-4.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / httpcomponents-core

Package

Name
httpcomponents-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.12-3.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / jansi

Package

Name
jansi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.18-4.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / jcl-over-slf4j

Package

Name
jcl-over-slf4j

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.28-3.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / jsoup

Package

Name
jsoup

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.12.1-3.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / jsr-305

Package

Name
jsr-305

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0-0.25.20130910svn.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / maven

Package

Name
maven

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.6.2-7.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / maven-lib

Package

Name
maven-lib

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.6.2-7.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / maven-openjdk11

Package

Name
maven-openjdk11

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.6.2-7.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / maven-openjdk17

Package

Name
maven-openjdk17

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.6.2-7.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / maven-openjdk8

Package

Name
maven-openjdk8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.6.2-7.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / maven-resolver

Package

Name
maven-resolver

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.1-3.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / maven-shared-utils

Package

Name
maven-shared-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.2.1-0.5.module_el8.6.0+2903+d6ca2362

AlmaLinux:8 / maven-wagon

Package

Name
maven-wagon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.3.4-2.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / plexus-cipher

Package

Name
plexus-cipher

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7-17.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / plexus-classworlds

Package

Name
plexus-classworlds

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.6.0-4.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / plexus-containers-component-annotations

Package

Name
plexus-containers-component-annotations

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.1.0-2.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / plexus-interpolation

Package

Name
plexus-interpolation

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.26-3.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / plexus-sec-dispatcher

Package

Name
plexus-sec-dispatcher

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4-29.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / plexus-utils

Package

Name
plexus-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.3.0-3.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / sisu

Package

Name
sisu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.4-2.module_el8.6.0+2786+d7c38b21

AlmaLinux:8 / slf4j

Package

Name
slf4j

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.28-3.module_el8.6.0+2786+d7c38b21