Vulnerability Details CVE-2019-20343
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://drive.google.com/open?id=0B5UvrSwn4wuwTnNqSzZESjIwZHo5ZXhWdHh2T2Z0eWRCT1hF
- https://drive.google.com/open?id=1GLs0d9IGArMVrlbEGbxgCjA1MuzIJk-3
- https://www.mojohaus.org/exec-maven-plugin/
- https://drive.google.com/open?id=0B5UvrSwn4wuwTnNqSzZESjIwZHo5ZXhWdHh2T2Z0eWRCT1hF
- https://drive.google.com/open?id=1GLs0d9IGArMVrlbEGbxgCjA1MuzIJk-3
- https://www.mojohaus.org/exec-maven-plugin/
Products affected by CVE-2019-20343
-
cpe:2.3:a:mojohaus:exec_maven:1.1.1