5l1D3R / Github-actions


CVE: 2017-1000487 found in Plexus Common Utilities - Version: 1.0.4 [JAVA] #32

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Plexus Common Utilities |
| Description | A collection of various utility classes to ease working with strings, files, command lines, XML and more. |
| Language | JAVA |
| Vulnerability | Command Line Shell Injection |
| Vulnerability description | plexus-utils is vulnerable to command line shell injection. The library does not correctly quote the contents of double-quoted strings, allowing a malicious user to inject and execute arbitrary shell code. |
| CVE | 2017-1000487 |
| CVSS score | 7.5 |
| Vulnerability present in version/s | 1.0.4-1.5 |
| Found library version/s | 1.0.4 |
| Vulnerability fixed in version | null |
| Library latest version | 3.5.0 |
| Fix | null |

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2