RHSA-2022:1861

See a problem?
Please try reporting it to the source first.

Source

https://access.redhat.com/errata/RHSA-2022:1861

Import Source

https://security.access.redhat.com/data/osv/RHSA-2022:1861.json

JSON Data

https://api.test.osv.dev/v1/vulns/RHSA-2022:1861

Upstream

CVE-2020-13956

Published

2024-10-01T18:20:33Z

Modified

2025-09-11T11:51:16Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Red Hat Security Advisory: maven:3.5 security update

Details

References

Affected packages

Red Hat:enterprise_linux:8::appstream

aopalliance-1.0

Package

Name: aopalliance-1.0
Purl: pkg:rpm/redhat/aopalliance

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.module+el8+2452+b359bfcd.src.rpm-maven:3

apache-commons-cli-1.4

Package

Name: apache-commons-cli-1.4
Purl: pkg:rpm/redhat/apache-commons-cli

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.module+el8+2452+b359bfcd.src.rpm-maven:3

apache-commons-codec-1.11

Package

Name: apache-commons-codec-1.11
Purl: pkg:rpm/redhat/apache-commons-codec

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.module+el8+2452+b359bfcd.src.rpm-maven:3

apache-commons-io-2.6

Package

Name: apache-commons-io-2.6
Purl: pkg:rpm/redhat/apache-commons-io

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.module+el8+2452+b359bfcd.src.rpm-maven:3

apache-commons-lang3-3.7

Package

Name: apache-commons-lang3-3.7
Purl: pkg:rpm/redhat/apache-commons-lang3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.module+el8+2452+b359bfcd.src.rpm-maven:3

apache-commons-logging-1.2

Package

Name: apache-commons-logging-1.2
Purl: pkg:rpm/redhat/apache-commons-logging

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

13.module+el8+2452+b359bfcd.src.rpm-maven:3

atinject-1

Package

Name: atinject-1
Purl: pkg:rpm/redhat/atinject

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

28.20100611svn86.module+el8+2452+b359bfcd.src.rpm-maven:3

cdi-api-1.2

Package

Name: cdi-api-1.2
Purl: pkg:rpm/redhat/cdi-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.module+el8+2452+b359bfcd.src.rpm-maven:3

geronimo-annotation-1.0

Package

Name: geronimo-annotation-1.0
Purl: pkg:rpm/redhat/geronimo-annotation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

23.module+el8+2452+b359bfcd.src.rpm-maven:3

glassfish-el-3.0.1

Package

Name: glassfish-el-3.0.1
Purl: pkg:rpm/redhat/glassfish-el

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.b08.module+el8+2452+b359bfcd.src.rpm-maven:3

glassfish-el-api-3.0.1

Package

Name: glassfish-el-api-3.0.1
Purl: pkg:rpm/redhat/glassfish-el-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.b08.module+el8+2452+b359bfcd.noarch.rpm-maven:3

google-guice-4.1

Package

Name: google-guice-4.1
Purl: pkg:rpm/redhat/google-guice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.module+el8+2452+b359bfcd.src.rpm-maven:3

guava20-20.0

Package

Name: guava20-20.0
Purl: pkg:rpm/redhat/guava20

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.module+el8+2452+b359bfcd.src.rpm-maven:3

hawtjni-1.16

Package

Name: hawtjni-1.16
Purl: pkg:rpm/redhat/hawtjni

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.module+el8+2452+b359bfcd.src.rpm-maven:3

hawtjni-runtime-1.16

Package

Name: hawtjni-runtime-1.16
Purl: pkg:rpm/redhat/hawtjni-runtime

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.module+el8+2452+b359bfcd.noarch.rpm-maven:3

httpcomponents-client-4.5.5

Package

Name: httpcomponents-client-4.5.5
Purl: pkg:rpm/redhat/httpcomponents-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.module+el8.6.0+13298+7b5243c0.src.rpm-maven:3

httpcomponents-core-4.4.10

Package

Name: httpcomponents-core-4.4.10
Purl: pkg:rpm/redhat/httpcomponents-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.module+el8+2452+b359bfcd.src.rpm-maven:3

jansi-1.17.1

Package

Name: jansi-1.17.1
Purl: pkg:rpm/redhat/jansi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.module+el8+2452+b359bfcd.src.rpm-maven:3

jansi-native-1.7

Package

Name: jansi-native-1.7
Purl: pkg:rpm/redhat/jansi-native

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.module+el8+2452+b359bfcd.x86_64.rpm-maven:3

jboss-interceptors-1.2-api-1.0.0

Package

Name: jboss-interceptors-1.2-api-1.0.0
Purl: pkg:rpm/redhat/jboss-interceptors-1.2-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.module+el8+2452+b359bfcd.src.rpm-maven:3

jcl-over-slf4j-1.7.25

Package

Name: jcl-over-slf4j-1.7.25
Purl: pkg:rpm/redhat/jcl-over-slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.module+el8+2452+b359bfcd.noarch.rpm-maven:3

jsoup-1.11.3

Package

Name: jsoup-1.11.3
Purl: pkg:rpm/redhat/jsoup

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.module+el8+2452+b359bfcd.src.rpm-maven:3

maven-3.5.4

Package

Name: maven-3.5.4
Purl: pkg:rpm/redhat/maven

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.module+el8+2452+b359bfcd.src.rpm-maven:3

maven-lib-3.5.4

Package

Name: maven-lib-3.5.4
Purl: pkg:rpm/redhat/maven-lib

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.module+el8+2452+b359bfcd.noarch.rpm-maven:3

maven-resolver-1.1.1

Package

Name: maven-resolver-1.1.1
Purl: pkg:rpm/redhat/maven-resolver

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.module+el8+2452+b359bfcd.src.rpm-maven:3

maven-resolver-api-1.1.1

Package

Name: maven-resolver-api-1.1.1
Purl: pkg:rpm/redhat/maven-resolver-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.module+el8+2452+b359bfcd.noarch.rpm-maven:3

maven-resolver-connector-basic-1.1.1

Package

Name: maven-resolver-connector-basic-1.1.1
Purl: pkg:rpm/redhat/maven-resolver-connector-basic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.module+el8+2452+b359bfcd.noarch.rpm-maven:3

maven-resolver-impl-1.1.1

Package

Name: maven-resolver-impl-1.1.1
Purl: pkg:rpm/redhat/maven-resolver-impl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.module+el8+2452+b359bfcd.noarch.rpm-maven:3

maven-resolver-spi-1.1.1

Package

Name: maven-resolver-spi-1.1.1
Purl: pkg:rpm/redhat/maven-resolver-spi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.module+el8+2452+b359bfcd.noarch.rpm-maven:3

maven-resolver-transport-wagon-1.1.1

Package

Name: maven-resolver-transport-wagon-1.1.1
Purl: pkg:rpm/redhat/maven-resolver-transport-wagon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.module+el8+2452+b359bfcd.noarch.rpm-maven:3

maven-resolver-util-1.1.1

Package

Name: maven-resolver-util-1.1.1
Purl: pkg:rpm/redhat/maven-resolver-util

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.module+el8+2452+b359bfcd.noarch.rpm-maven:3

maven-shared-utils-3.2.1

Package

Name: maven-shared-utils-3.2.1
Purl: pkg:rpm/redhat/maven-shared-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.module+el8+2452+b359bfcd.src.rpm-maven:3

maven-wagon-3.1.0

Package

Name: maven-wagon-3.1.0
Purl: pkg:rpm/redhat/maven-wagon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.module+el8+2452+b359bfcd.src.rpm-maven:3

maven-wagon-file-3.1.0

Package

Name: maven-wagon-file-3.1.0
Purl: pkg:rpm/redhat/maven-wagon-file

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.module+el8+2452+b359bfcd.noarch.rpm-maven:3

maven-wagon-http-3.1.0

Package

Name: maven-wagon-http-3.1.0
Purl: pkg:rpm/redhat/maven-wagon-http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.module+el8+2452+b359bfcd.noarch.rpm-maven:3

maven-wagon-http-shared-3.1.0

Package

Name: maven-wagon-http-shared-3.1.0
Purl: pkg:rpm/redhat/maven-wagon-http-shared

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.module+el8+2452+b359bfcd.noarch.rpm-maven:3

maven-wagon-provider-api-3.1.0

Package

Name: maven-wagon-provider-api-3.1.0
Purl: pkg:rpm/redhat/maven-wagon-provider-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.module+el8+2452+b359bfcd.noarch.rpm-maven:3

plexus-cipher-1.7

Package

Name: plexus-cipher-1.7
Purl: pkg:rpm/redhat/plexus-cipher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14.module+el8+2452+b359bfcd.src.rpm-maven:3

plexus-classworlds-2.5.2

Package

Name: plexus-classworlds-2.5.2
Purl: pkg:rpm/redhat/plexus-classworlds

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.module+el8+2452+b359bfcd.src.rpm-maven:3

plexus-containers-1.7.1

Package

Name: plexus-containers-1.7.1
Purl: pkg:rpm/redhat/plexus-containers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.module+el8+2452+b359bfcd.src.rpm-maven:3

plexus-containers-component-annotations-1.7.1

Package

Name: plexus-containers-component-annotations-1.7.1
Purl: pkg:rpm/redhat/plexus-containers-component-annotations

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.module+el8+2452+b359bfcd.noarch.rpm-maven:3

plexus-interpolation-1.22

Package

Name: plexus-interpolation-1.22
Purl: pkg:rpm/redhat/plexus-interpolation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.module+el8+2452+b359bfcd.src.rpm-maven:3

plexus-sec-dispatcher-1.4

Package

Name: plexus-sec-dispatcher-1.4
Purl: pkg:rpm/redhat/plexus-sec-dispatcher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

26.module+el8+2452+b359bfcd.src.rpm-maven:3

plexus-utils-3.1.0

Package

Name: plexus-utils-3.1.0
Purl: pkg:rpm/redhat/plexus-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.module+el8+2452+b359bfcd.src.rpm-maven:3

sisu-0.3.3

Package

Name: sisu-0.3.3
Purl: pkg:rpm/redhat/sisu

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.module+el8+2452+b359bfcd.src.rpm-maven:3

sisu-inject-0.3.3

Package

Name: sisu-inject-0.3.3
Purl: pkg:rpm/redhat/sisu-inject

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.module+el8+2452+b359bfcd.noarch.rpm-maven:3

sisu-plexus-0.3.3

Package

Name: sisu-plexus-0.3.3
Purl: pkg:rpm/redhat/sisu-plexus

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.module+el8+2452+b359bfcd.noarch.rpm-maven:3

slf4j-1.7.25

Package

Name: slf4j-1.7.25
Purl: pkg:rpm/redhat/slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.module+el8+2452+b359bfcd.src.rpm-maven:3