gwhittemore-veracode / Veracode-GW-Training-demo

CVE: 2017-1000487 found in Plexus Common Utilities - Version: 1.0.4 [JAVA] #46

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Plexus Common Utilities |
| Description | A collection of various utility classes to ease working with strings, files, command lines, XML and more. |
| Language | JAVA |
| Vulnerability | Command Line Shell Injection |
| Vulnerability description | plexus-utils is vulnerable to command line shell injection. The library does not correctly quote the contents of double-quoted strings, allowing a malicious user to inject and execute arbitrary shell code. |
| CVE | 2017-1000487 |
| CVSS score | 7.5 |
| Vulnerability present in version/s | 1.0.4-1.5 |
| Found library version/s | 1.0.4 |
| Vulnerability fixed in version | null |
| Library latest version | 3.4.2 |
| Fix | null |

Links: