veracode-repository-ruleset / verademo-java-maven

CVE: 2017-1000487 found in Plexus Common Utilities - Version: 1.0.4 [JAVA] #38

Open github-actions[bot] opened 10 months ago

github-actions[bot] commented 10 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Plexus Common Utilities |
| Description | A collection of various utility classes to ease working with strings, files, command lines and more. |
| Language | JAVA |
| Vulnerability | Command Line Shell Injection |
| Vulnerability description | plexus-utils is vulnerable to command line shell injection. The library does not correctly quote the contents of double-quoted strings, allowing a malicious user to inject and execute arbitrary shell code. |
| CVE | 2017-1000487 |
| CVSS score | 7.5 |
| Vulnerability present in version/s | 1.0.4-1.5 |
| Found library version/s | 1.0.4 |
| Vulnerability fixed in version | null |
| Library latest version | 4.0.0 |
| Fix | null |

Links:

github-actions[bot] commented 7 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54