RLSA-2022:4797

Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2022:4797.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2022:4797
Published
2022-05-30T11:39:17Z
Modified
2023-02-02T13:43:48.524676Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Important: maven:3.6 security update
Details

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.

Security Fix(es):

  • maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / aopalliance

Package

Name
aopalliance
Purl
pkg:rpm/rocky-linux/aopalliance?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.0-20.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / aopalliance

Package

Name
aopalliance
Purl
pkg:rpm/rocky-linux/aopalliance?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.0-20.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / apache-commons-cli

Package

Name
apache-commons-cli
Purl
pkg:rpm/rocky-linux/apache-commons-cli?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.4-7.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / apache-commons-cli

Package

Name
apache-commons-cli
Purl
pkg:rpm/rocky-linux/apache-commons-cli?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.4-7.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / apache-commons-codec

Package

Name
apache-commons-codec
Purl
pkg:rpm/rocky-linux/apache-commons-codec?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.13-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / apache-commons-codec

Package

Name
apache-commons-codec
Purl
pkg:rpm/rocky-linux/apache-commons-codec?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.13-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / apache-commons-io

Package

Name
apache-commons-io
Purl
pkg:rpm/rocky-linux/apache-commons-io?distro=rocky-linux-8-x86-64&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:2.6-6.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / apache-commons-io

Package

Name
apache-commons-io
Purl
pkg:rpm/rocky-linux/apache-commons-io?distro=rocky-linux-8-4-x86-64-legacy&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:2.6-6.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / apache-commons-lang3

Package

Name
apache-commons-lang3
Purl
pkg:rpm/rocky-linux/apache-commons-lang3?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.9-4.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / apache-commons-lang3

Package

Name
apache-commons-lang3
Purl
pkg:rpm/rocky-linux/apache-commons-lang3?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.9-4.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / atinject

Package

Name
atinject
Purl
pkg:rpm/rocky-linux/atinject?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1-31.20100611svn86.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / atinject

Package

Name
atinject
Purl
pkg:rpm/rocky-linux/atinject?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1-31.20100611svn86.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / cdi-api

Package

Name
cdi-api
Purl
pkg:rpm/rocky-linux/cdi-api?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.0.1-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / cdi-api

Package

Name
cdi-api
Purl
pkg:rpm/rocky-linux/cdi-api?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.0.1-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / geronimo-annotation

Package

Name
geronimo-annotation
Purl
pkg:rpm/rocky-linux/geronimo-annotation?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.0-26.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / geronimo-annotation

Package

Name
geronimo-annotation
Purl
pkg:rpm/rocky-linux/geronimo-annotation?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.0-26.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / google-guice

Package

Name
google-guice
Purl
pkg:rpm/rocky-linux/google-guice?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:4.2.2-4.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / google-guice

Package

Name
google-guice
Purl
pkg:rpm/rocky-linux/google-guice?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:4.2.2-4.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / guava

Package

Name
guava
Purl
pkg:rpm/rocky-linux/guava?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:28.1-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / guava

Package

Name
guava
Purl
pkg:rpm/rocky-linux/guava?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:28.1-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / httpcomponents-client

Package

Name
httpcomponents-client
Purl
pkg:rpm/rocky-linux/httpcomponents-client?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:4.5.10-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / httpcomponents-client

Package

Name
httpcomponents-client
Purl
pkg:rpm/rocky-linux/httpcomponents-client?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:4.5.10-4.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / httpcomponents-core

Package

Name
httpcomponents-core
Purl
pkg:rpm/rocky-linux/httpcomponents-core?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:4.4.12-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / httpcomponents-core

Package

Name
httpcomponents-core
Purl
pkg:rpm/rocky-linux/httpcomponents-core?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:4.4.12-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / jansi

Package

Name
jansi
Purl
pkg:rpm/rocky-linux/jansi?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.18-4.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / jansi

Package

Name
jansi
Purl
pkg:rpm/rocky-linux/jansi?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.18-4.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / jsoup

Package

Name
jsoup
Purl
pkg:rpm/rocky-linux/jsoup?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.12.1-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / jsoup

Package

Name
jsoup
Purl
pkg:rpm/rocky-linux/jsoup?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.12.1-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / jsr-305

Package

Name
jsr-305
Purl
pkg:rpm/rocky-linux/jsr-305?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0-0.25.20130910svn.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / jsr-305

Package

Name
jsr-305
Purl
pkg:rpm/rocky-linux/jsr-305?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0-0.25.20130910svn.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / maven

Package

Name
maven
Purl
pkg:rpm/rocky-linux/maven?distro=rocky-linux-8-4-x86-64-legacy&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.6.2-6.module+el8.4.0+648+3fecd521

Rocky Linux:8 / maven

Package

Name
maven
Purl
pkg:rpm/rocky-linux/maven?distro=rocky-linux-8-x86-64&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.6.2-7.module+el8.6.0+976+839b99e9

Rocky Linux:8 / maven

Package

Name
maven
Purl
pkg:rpm/rocky-linux/maven?distro=rocky-linux-8-6-x86-64-legacy&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.6.2-7.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / maven-resolver

Package

Name
maven-resolver
Purl
pkg:rpm/rocky-linux/maven-resolver?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.4.1-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / maven-resolver

Package

Name
maven-resolver
Purl
pkg:rpm/rocky-linux/maven-resolver?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.4.1-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / maven-shared-utils

Package

Name
maven-shared-utils
Purl
pkg:rpm/rocky-linux/maven-shared-utils?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.2.1-0.5.module+el8.6.0+976+839b99e9

Rocky Linux:8 / maven-wagon

Package

Name
maven-wagon
Purl
pkg:rpm/rocky-linux/maven-wagon?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.3.4-2.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / maven-wagon

Package

Name
maven-wagon
Purl
pkg:rpm/rocky-linux/maven-wagon?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.3.4-2.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-cipher

Package

Name
plexus-cipher
Purl
pkg:rpm/rocky-linux/plexus-cipher?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.7-17.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-cipher

Package

Name
plexus-cipher
Purl
pkg:rpm/rocky-linux/plexus-cipher?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.7-17.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-classworlds

Package

Name
plexus-classworlds
Purl
pkg:rpm/rocky-linux/plexus-classworlds?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.6.0-4.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-classworlds

Package

Name
plexus-classworlds
Purl
pkg:rpm/rocky-linux/plexus-classworlds?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.6.0-4.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-containers

Package

Name
plexus-containers
Purl
pkg:rpm/rocky-linux/plexus-containers?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.1.0-2.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-containers

Package

Name
plexus-containers
Purl
pkg:rpm/rocky-linux/plexus-containers?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.1.0-2.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-interpolation

Package

Name
plexus-interpolation
Purl
pkg:rpm/rocky-linux/plexus-interpolation?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.26-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-interpolation

Package

Name
plexus-interpolation
Purl
pkg:rpm/rocky-linux/plexus-interpolation?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.26-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-sec-dispatcher

Package

Name
plexus-sec-dispatcher
Purl
pkg:rpm/rocky-linux/plexus-sec-dispatcher?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.4-29.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-sec-dispatcher

Package

Name
plexus-sec-dispatcher
Purl
pkg:rpm/rocky-linux/plexus-sec-dispatcher?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.4-29.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / plexus-utils

Package

Name
plexus-utils
Purl
pkg:rpm/rocky-linux/plexus-utils?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.3.0-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / plexus-utils

Package

Name
plexus-utils
Purl
pkg:rpm/rocky-linux/plexus-utils?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.3.0-3.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / sisu

Package

Name
sisu
Purl
pkg:rpm/rocky-linux/sisu?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.3.4-2.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / sisu

Package

Name
sisu
Purl
pkg:rpm/rocky-linux/sisu?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.3.4-2.module+el8.3.0+134+f7791fe0

Rocky Linux:8 / slf4j

Package

Name
slf4j
Purl
pkg:rpm/rocky-linux/slf4j?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.7.28-3.module+el8.6.0+844+4401f2ed

Rocky Linux:8 / slf4j

Package

Name
slf4j
Purl
pkg:rpm/rocky-linux/slf4j?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.7.28-3.module+el8.3.0+134+f7791fe0