CVE-2017-1000487

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-1000487
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000487.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-1000487
Aliases
Downstream
Related
  • SNYK-JAVA-ORGCODEHAUSPLEXUS-31522
Published
2018-01-03T20:29:00Z
Modified
2025-09-19T08:43:53.516112Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double-quoted strings.

References

Affected packages

Git / github.com/codehaus-plexus/plexus-utils

Affected ranges

Type
GIT
Repo
https://github.com/codehaus-plexus/plexus-utils
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

plexus-utils-2.*

plexus-utils-2.0.7
plexus-utils-2.1

plexus-utils-3.*

plexus-utils-3.0
plexus-utils-3.0.1
plexus-utils-3.0.10
plexus-utils-3.0.11
plexus-utils-3.0.12
plexus-utils-3.0.13
plexus-utils-3.0.14
plexus-utils-3.0.15
plexus-utils-3.0.2
plexus-utils-3.0.3
plexus-utils-3.0.4
plexus-utils-3.0.5
plexus-utils-3.0.6
plexus-utils-3.0.7
plexus-utils-3.0.8
plexus-utils-3.0.9

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "300799970982068015982431037008041195086",
                    "104676368707797886347384246451253523428",
                    "162346545987340120690720711533396833634",
                    "67598624732669161930637271996319015448",
                    "207745034413981090703372942108334909329",
                    "200989870876524342534428753293969201746",
                    "140351054116545176855270093950742554258",
                    "216858197118834227521071144975071977065",
                    "67661911869677207178233261896575301568",
                    "305820704747279464979485562232562154954",
                    "319544270405357518845780270084338555247",
                    "173099726432875169567666693757411034115",
                    "285475526510075422052788660232655247777",
                    "192060110213693258689441169939565831557",
                    "99189173883135506272230103145987586947",
                    "24934156606211279344995154497674790516",
                    "54406988797198545216355706718551458339",
                    "7717133447410990880821574672260862477",
                    "286627158450329675767002972682036764416",
                    "217107724011426553366081138219920659428",
                    "22132108982777781368150828813772176429",
                    "305325230576796526419679502293788705604",
                    "46484743183609010269019381491570960566",
                    "336290306340757305620549721204299277864",
                    "39144991994285324332998631062327778325",
                    "215948012795257716838605863262704722315",
                    "221733053921728608672842611073437964976",
                    "125077954493002993460738224621212032030",
                    "31132798232780144061992833484444962026",
                    "333178855125170181232599168362445363997",
                    "231857808611946931778050423570965868491",
                    "83851115173377586090612255287583890797",
                    "162250303065076345261209492967712625715",
                    "264751428289959259740596146253211352803",
                    "15827968120897778693992378133578887381",
                    "248280553452405849085166451402542214356",
                    "306296295192740195911351040919143857613",
                    "134719570181542193618263823151111295437",
                    "222528643462955454669631882567314972746",
                    "253646862163839839850827744536057064692",
                    "216451383950582534538977614945257698392",
                    "43552458198366550128089465039349862823",
                    "302640542209010748092284586731033209246",
                    "308858535711491574819492266531964542997"
                ]
            },
            "id": "CVE-2017-1000487-02fb605b",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/org/codehaus/plexus/util/cli/Commandline.java"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "245328568726289761535579372425817308010",
                "length": 868.0
            },
            "id": "CVE-2017-1000487-2563cf2f",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/org/codehaus/plexus/util/cli/shell/Shell.java",
                "function": "getRawCommandLine"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "279318192494055280893864218865251420718",
                    "10885823087519446278830464154190954428",
                    "339637272527835449592538332722503032483",
                    "315341723640956645557047926618482323876",
                    "11020193414079140304210406700743936311",
                    "15248381420429985469351059600632181081",
                    "69770402220552774331030142290272573282",
                    "182876066750053336804266707895898638834",
                    "175520929032102173996312984351110011285",
                    "236557089223711662977294659461117831717",
                    "61792606937303249130203737506050334912",
                    "143517943469409887434271931290580296871",
                    "254274144236442360004152979803939331552",
                    "98275859908661230726342158759884345443",
                    "100919086091100649668389946948189332540",
                    "48101020662085164544104040221404613114",
                    "319067707487987508848485175619250365847",
                    "287959877349089530942877573757282162633",
                    "94781417977212615898780281351549754304",
                    "32245080349303680897547383509784681707",
                    "167381137560759913773544447093179373907",
                    "204778344005468556975933891282171460392",
                    "118399976537918844451770361318630942758",
                    "225479027823873198693388548368672540232",
                    "177507711899775162265388380544713547463",
                    "131525387911331961278352187004043909631",
                    "242300683975749043600876242348747130671",
                    "205732003330485726840487497172040002438",
                    "229386760563428956916270966371945231783",
                    "116079380353084399668749993807168146370",
                    "242300683975749043600876242348747130671",
                    "183679823968295882621379682585654302187",
                    "5801842194203685961815971014576406082",
                    "197693002550403722870652616728087716652",
                    "179669615772033602463600740091432627860",
                    "188996999043343786163141981004460679325",
                    "57624416196709235973054567144272631285",
                    "282506764841889541995609711624856018110"
                ]
            },
            "id": "CVE-2017-1000487-25f1cd38",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "168614751941132427320005685092623568012",
                "length": 662.0
            },
            "id": "CVE-2017-1000487-365f05ce",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/org/codehaus/plexus/util/cli/Commandline.java",
                "function": "execute"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "84865574263062004234128658204635859208",
                "length": 1191.0
            },
            "id": "CVE-2017-1000487-4c0e2f75",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java",
                "function": "testBourneShellQuotingCharacters"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "125637259555581299840097572896638717728",
                "length": 486.0
            },
            "id": "CVE-2017-1000487-4e454f42",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/CommandlineTest.java",
                "function": "testGetShellCommandLineBash_WithSingleQuotedArg"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "24747907030602044412412141753936611263",
                    "29738323904320518379567511344323733353",
                    "265609344695144016219294555947016162041",
                    "124628339465447721921436693716812178493",
                    "202098285846879798560260004184168114185",
                    "317574938519314951594194024497793540934",
                    "222622582677497198448134633418082802652",
                    "227407457557667411114263333351664971699",
                    "263445753234790440519555458791594960196",
                    "79643603571293372617771188262336808962",
                    "133551431134571711689882278001201342719",
                    "189038708384935351467093655861290606978",
                    "264707452815564459723863158918998969299",
                    "296663462597268782789817466616243199580",
                    "321470405135019013758028420887381440428",
                    "278580800879945964184736854789460149649",
                    "292435380686846365057846686694167730292",
                    "300665136677648553302808514432494120759",
                    "252929415023036646020367008378826493602",
                    "64969581301086708041435904955757696159",
                    "247352809636236059307492204582977055689",
                    "4161648615289802497480829004361892131",
                    "217827295154713567836068753119515619668",
                    "88159725227002844973915368948107485029",
                    "52958465392509675265566931825397685331",
                    "88962489015985515510636668414535765554",
                    "234536612626884567420604869190077353987",
                    "88867406636929878707253180960596894036",
                    "200571846446911592936136467056715320818",
                    "221254239457423867827814348931498450136",
                    "324390724030002423708734665866951395124",
                    "50097596399256950246523093498688128788",
                    "264014794028486841683621206282467267355",
                    "315760537970361517307153248715255708883",
                    "124668460391102946918732570460546328383",
                    "305577323550441914427055549752688962858",
                    "114266163361757035612495942377662071156",
                    "34633930896986754673691812902028396132",
                    "87749075462671987943711226963478135785",
                    "195188504002927936240208002758373158077",
                    "246047843040645353940952857354345591909",
                    "28870352580081541927987920399548694603",
                    "176491968885978734702317463871214395691",
                    "230157463108787044888712190964570237476",
                    "187986498413229158112824585898033769217",
                    "283882219053242831903424889525303880018",
                    "101563671423118322310982248625110876340",
                    "294559474389998078347994108277610964338",
                    "160787560728369943358335398269616946279",
                    "89500319284740935860256150938796045135",
                    "14022030013499478344248191163564584180",
                    "302423027424073294199673625747837205995",
                    "56334364092681054725890387412929045056",
                    "252543323740694808682174612913122121834",
                    "58541277117774831013325813237292164536",
                    "88931515661337248871618778334713114446",
                    "257518461882859506090422280614135586654"
                ]
            },
            "id": "CVE-2017-1000487-50ddf289",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/org/codehaus/plexus/util/cli/shell/BourneShell.java"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "181137959711395017815591555864093111648",
                "length": 308.0
            },
            "id": "CVE-2017-1000487-5c55f3e1",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java",
                "function": "testQuoteWorkingDirectoryAndExecutable_WDPathWithSingleQuotes"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "92675178776976754492282614409127377887",
                "length": 307.0
            },
            "id": "CVE-2017-1000487-67188aa2",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/org/codehaus/plexus/util/cli/shell/BourneShell.java",
                "function": "unifyQuotes"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "219867694814017295110422838675296531315",
                "length": 383.0
            },
            "id": "CVE-2017-1000487-79c0011e",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java",
                "function": "testEscapeSingleQuotesOnArgument"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "261439550396805882879773841117531602714",
                "length": 314.0
            },
            "id": "CVE-2017-1000487-87180b97",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java",
                "function": "testQuoteWorkingDirectoryAndExecutable_WDPathWithSingleQuotes_BackslashFileSep"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "39888439016711569929783680222733213029",
                "length": 336.0
            },
            "id": "CVE-2017-1000487-87698c46",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java",
                "function": "testPreserveSingleQuotesOnArgument"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "121385083734232142650913729562102626261",
                "length": 276.0
            },
            "id": "CVE-2017-1000487-8dc16ff6",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java",
                "function": "testQuoteWorkingDirectoryAndExecutable"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "257230636659740514664364397903802204766",
                "length": 244.0
            },
            "id": "CVE-2017-1000487-a213c13f",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/org/codehaus/plexus/util/cli/shell/BourneShell.java",
                "function": "getExecutionPreamble"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "136125616696534645561670474947206549409",
                "length": 1659.0
            },
            "id": "CVE-2017-1000487-a9549b5e",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java",
                "function": "testArgumentsWithsemicolon"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "9153802260345320861497841110850026482",
                "length": 215.0
            },
            "id": "CVE-2017-1000487-aff42aae",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/org/codehaus/plexus/util/cli/shell/BourneShell.java",
                "function": "BourneShell"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "75358319420489652393163783191345485342",
                "length": 58.0
            },
            "id": "CVE-2017-1000487-b952758e",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/org/codehaus/plexus/util/cli/shell/BourneShell.java",
                "function": "getQuotingTriggerChars"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "317272256612478435240080772913426579029",
                "length": 482.0
            },
            "id": "CVE-2017-1000487-c07096fb",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/CommandlineTest.java",
                "function": "testGetShellCommandLineBash"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "297178032715849235338500915384919426614",
                "length": 144.0
            },
            "id": "CVE-2017-1000487-c8a983ec",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/org/codehaus/plexus/util/cli/shell/BourneShell.java",
                "function": "getExecutable"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "53024081119851549233676211467412891619",
                "length": 461.0
            },
            "id": "CVE-2017-1000487-cfbc8070",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/CommandlineTest.java",
                "function": "testGetShellCommandLineNonWindows"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "237761059037293327751043380171331937986",
                "length": 707.0
            },
            "id": "CVE-2017-1000487-e56ec263",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/CommandlineTest.java",
                "function": "testGetShellCommandLineBash_WithWorkingDirectory"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "73418873428302441374177646890355577869",
                    "57266909541799630018866597338082343802",
                    "318315335801254346973450094711558640023",
                    "317378028518907049806041994282899163733",
                    "175531185513350794635257374928085480176",
                    "139264851717853355019077123984433863365",
                    "91479366894932914392012547034897037121",
                    "56628859053799990713071325983993412983",
                    "50529792302659605621452559755036302458",
                    "283976464617879629313904461508848914446",
                    "282664154675371791074147675909352244929",
                    "32183579857115523624518279653053301660",
                    "73503990986934677094942991821757570732",
                    "81519144438650632884613885670521507634",
                    "213633340242259351405366778735720055172",
                    "272059123195882165076211353043068918357",
                    "36505412154309488698193833151107027160",
                    "109133572645371761863651026145671732495",
                    "62986099643433235889972260790302474600",
                    "2003555741771625836288345993048152289",
                    "15922483174394253743275880889753950052",
                    "234580555394680681238718026865960766555",
                    "101186697661108654923902993114345537766",
                    "67875735245883209661040772520149008619",
                    "111141823950652245238969923548605947719",
                    "73503990986934677094942991821757570732",
                    "81519144438650632884613885670521507634",
                    "213633340242259351405366778735720055172",
                    "272059123195882165076211353043068918357",
                    "209741697878707984437675678736286603853",
                    "258473931518378979008690327388574981736",
                    "172405330183254021916062721618404456563",
                    "289056208136368842629616218835441349198",
                    "237953593464089445925778342874274232292",
                    "145134041580868375876888439974341278775",
                    "177469010587301985815447372955564735453"
                ]
            },
            "id": "CVE-2017-1000487-ef50bde9",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/org/codehaus/plexus/util/cli/CommandlineTest.java"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "266859971200631060262410459272496769207",
                    "202593301643469909774897831866107501359",
                    "226005623609645231658021846094360623122",
                    "292073258209220137477996965927713261662",
                    "254767192141294655730149752796810599866",
                    "67194464445949198426624902135840936847",
                    "214396385150867048422766434938892347773",
                    "241639555163956758669108559826074661545",
                    "202836845331417486405662202995539153442",
                    "74769573316591642488132119187431043039",
                    "119737172254403106129538057766564326896",
                    "7621239835065017102227964743327275045",
                    "129295652173545603771365016297869472820",
                    "1510551636711105857490738827130099490",
                    "6308229061052415003262407583118681451",
                    "171352351284800138696505562389847368848",
                    "272542945632502406295291993446177634082",
                    "151342402124700578469368709215935200165",
                    "20853912734730859529560434274831482897",
                    "59410345820749439060616568324118398733",
                    "284876336450936053766225570635289965194",
                    "340087710340397193355970107954204177379",
                    "39368601701278564365235301328721609562"
                ]
            },
            "id": "CVE-2017-1000487-f2b5d73c",
            "source": "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/org/codehaus/plexus/util/cli/shell/Shell.java"
            },
            "deprecated": false
        }
    ]
}