ALSA-2022:4798

Source
https://errata.almalinux.org/8/ALSA-2022-4798.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2022:4798
Published
2022-05-30T11:39:15Z
Modified
2022-05-30T11:39:15Z
Summary
Important: maven:3.5 security update
Details

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.

Security Fix(es):

  • maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / aopalliance

Package

Name
aopalliance

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0-17.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / apache-commons-cli

Package

Name
apache-commons-cli

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4-4.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / apache-commons-codec

Package

Name
apache-commons-codec

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.11-3.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / apache-commons-io

Package

Name
apache-commons-io

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:2.6-3.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / apache-commons-lang3

Package

Name
apache-commons-lang3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7-3.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / apache-commons-logging

Package

Name
apache-commons-logging

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2-13.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / atinject

Package

Name
atinject

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-28.20100611svn86.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / cdi-api

Package

Name
cdi-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2-8.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / geronimo-annotation

Package

Name
geronimo-annotation

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0-23.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / glassfish-el-api

Package

Name
glassfish-el-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.1-0.7.b08.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / google-guice

Package

Name
google-guice

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1-11.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / guava20

Package

Name
guava20

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.0-8.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / hawtjni-runtime

Package

Name
hawtjni-runtime

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.16-2.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / httpcomponents-client

Package

Name
httpcomponents-client

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.5.5-5.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / httpcomponents-core

Package

Name
httpcomponents-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.10-3.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / jansi

Package

Name
jansi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.17.1-1.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / jansi

Package

Name
jansi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.17.1-1.module_el8.0.0+6044+f3cbc35d

AlmaLinux:8 / jansi-native

Package

Name
jansi-native

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7-7.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / jboss-interceptors-1.2-api

Package

Name
jboss-interceptors-1.2-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.0-8.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / jcl-over-slf4j

Package

Name
jcl-over-slf4j

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.25-4.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / jsoup

Package

Name
jsoup

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.11.3-3.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven

Package

Name
maven

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.5.4-5.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven-lib

Package

Name
maven-lib

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.5.4-5.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven-resolver-api

Package

Name
maven-resolver-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:1.1.1-2.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven-resolver-connector-basic

Package

Name
maven-resolver-connector-basic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:1.1.1-2.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven-resolver-impl

Package

Name
maven-resolver-impl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:1.1.1-2.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven-resolver-spi

Package

Name
maven-resolver-spi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:1.1.1-2.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven-resolver-transport-wagon

Package

Name
maven-resolver-transport-wagon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:1.1.1-2.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven-resolver-util

Package

Name
maven-resolver-util

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:1.1.1-2.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven-shared-utils

Package

Name
maven-shared-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.2.1-0.2.module_el8.6.0+2902+097a4293

AlmaLinux:8 / maven-wagon-file

Package

Name
maven-wagon-file

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.0-1.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven-wagon-http

Package

Name
maven-wagon-http

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.0-1.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven-wagon-http-shared

Package

Name
maven-wagon-http-shared

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.0-1.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / maven-wagon-provider-api

Package

Name
maven-wagon-provider-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.0-1.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / plexus-cipher

Package

Name
plexus-cipher

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7-14.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / plexus-classworlds

Package

Name
plexus-classworlds

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-9.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / plexus-containers-component-annotations

Package

Name
plexus-containers-component-annotations

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.1-8.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / plexus-interpolation

Package

Name
plexus-interpolation

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.22-9.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / plexus-sec-dispatcher

Package

Name
plexus-sec-dispatcher

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4-26.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / plexus-utils

Package

Name
plexus-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.0-3.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / sisu-inject

Package

Name
sisu-inject

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:0.3.3-6.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / sisu-plexus

Package

Name
sisu-plexus

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:0.3.3-6.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / slf4j

Package

Name
slf4j

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.25-4.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / slf4j

Package

Name
slf4j

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.25-4.module_el8.5.0+2577+9e95fe00