
=====================================================================

                               CERT-Renater

                      Information Note No. 2022/VULN185

_____________________________________________________________________

DATE                : 25/05/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Maven versions prior to
                     3.3.3.

=====================================================================
https://lists.apache.org/thread/xcm78nfsd4hl0xf0ds2l636yck1lc6wm
_____________________________________________________________________

CVE-2022-29599: Apache Maven: Commandline class shell injection 
vulnerabilities


Description:

In Apache Maven maven-shared-utils prior to version 3.3.3, the 
Commandline class can emit double-quoted strings without proper 
escaping, allowing shell injection attacks.

This issue is being tracked as MSHARED-297.
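
Added illustration (not part of the Apache advisory and not
maven-shared-utils code): why wrapping an argument in double quotes
without escaping is unsafe once a shell parses the resulting command
line, next to a single-quote form that passes the value through
unchanged. The function names and the sample argument are constructed
for this example.

```shell
#!/bin/sh
# Constructed sample argument: benign markers stand in for untrusted input.
SAMPLE='report $(echo INJECTED) "v1" `echo TICK`'

# Weak form: wrap the value in double quotes and escape nothing.
# Inside double quotes the shell still expands $(...), backticks and
# $VAR, and an embedded " ends the quoted region early.
naive_dq() {
    printf '"%s"' "$1"
}

# Hardened form: wrap in single quotes, where nothing is expanded, and
# rewrite every embedded ' as '\'' (close quote, escaped quote, reopen).
sq_quote() {
    _rest=$1
    _out=
    while :; do
        case $_rest in
            *\'*)
                _head=${_rest%%\'*}      # text before the first '
                _rest=${_rest#*\'}       # text after the first '
                _out=$_out$_head\'\\\'\'
                ;;
            *) break ;;
        esac
    done
    printf "'%s'" "$_out$_rest"
}

# Splice the quoted text into a command line and let a shell parse it,
# as a launcher that goes through "sh -c" would. The output is what the
# child program actually received as its argument.
roundtrip() {
    sh -c "printf '%s' $1"
}

printf 'naive   : %s\n' "$(roundtrip "$(naive_dq "$SAMPLE")")"
printf 'hardened: %s\n' "$(roundtrip "$(sq_quote "$SAMPLE")")"
```

Passing arguments as an array to the process API, with no shell in
between, avoids the quoting problem altogether where that is possible.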


References:

https://issues.apache.org/jira/browse/MSHARED-297
https://github.com/apache/maven-shared-utils/pull/40


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

