CVEDB API

Vulnerability Details CVE-2022-29599

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.openwall.com/lists/oss-security/2022/05/23/3
https://github.com/apache/maven-shared-utils/pull/40
https://issues.apache.org/jira/browse/MSHARED-297
https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html
https://www.debian.org/security/2022/dsa-5242
http://www.openwall.com/lists/oss-security/2022/05/23/3
https://github.com/apache/maven-shared-utils/pull/40
https://issues.apache.org/jira/browse/MSHARED-297
https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html
https://www.debian.org/security/2022/dsa-5242

Products affected by CVE-2022-29599

Apache » Maven Shared Utils » Version: Any

cpe:2.3:a:apache:maven_shared_utils:*
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0
Debian » Debian Linux » Version: 11.0

cpe:2.3:o:debian:debian_linux:11.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29599

Products

Pricing

Contact Us