In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
{ "binaries": [ { "binary_name": "libmaven-shared-utils-java", "binary_version": "0.4-1ubuntu0.1~esm1" }, { "binary_name": "libmaven-shared-utils-java-doc", "binary_version": "0.4-1ubuntu0.1~esm1" } ], "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "libmaven-shared-utils-java", "binary_version": "0.9-1ubuntu0.1~esm1" }, { "binary_name": "libmaven-shared-utils-java-doc", "binary_version": "0.9-1ubuntu0.1~esm1" } ], "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "libmaven-shared-utils-java", "binary_version": "3.3.0-1ubuntu0.18.04.1~esm1" }, { "binary_name": "libmaven-shared-utils-java-doc", "binary_version": "3.3.0-1ubuntu0.18.04.1~esm1" } ], "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "libmaven-shared-utils-java", "binary_version": "3.3.0-1ubuntu0.20.04.1" }, { "binary_name": "libmaven-shared-utils-java-doc", "binary_version": "3.3.0-1ubuntu0.20.04.1" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "libmaven-shared-utils-java", "binary_version": "3.3.0-1ubuntu0.22.04.1" }, { "binary_name": "libmaven-shared-utils-java-doc", "binary_version": "3.3.0-1ubuntu0.22.04.1" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }