Sylwester Lachiewicz created MSHARED-959:
--------------------------------------------

             Summary: Upgrade Maven Shared Utils to 3.3.3
                 Key: MSHARED-959
                 URL: https://issues.apache.org/jira/browse/MSHARED-959
             Project: Maven Shared Components
          Issue Type: Improvement
          Components: maven-common-artifact-filters
            Reporter: Sylwester Lachiewicz

Affected versions of this package are vulnerable to Command Injection. The {{Commandline}} class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

The {{BourneShell}} class should unconditionally single-quote emitted strings (including the name of the command itself being quoted), with {{{\{'"'"'}}}} used for embedded single quotes, for maximum safety across shells implementing a superset of POSIX quoting rules.

This is a similar issue to [{{SNYK-JAVA-ORGCODEHAUSPLEXUS-31522}}|https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522]

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
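
The quoting rule described in the issue, as an added POSIX sh example (not part of the original message and not maven-shared-utils code). The function names and the sample argument are constructed for illustration; the sample's command substitution only runs a harmless echo.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not maven-shared-utils code.

# Weak form described in the issue: wrap in double quotes, escape nothing.
quote_double_naive() {
    printf '"%s"' "$1"
}

# Hardened form: always single-quote; every embedded ' becomes '"'"'
# (close the quote, emit a double-quoted ', reopen the quote).
quote_single() (
    q="'" rest=$1 out=
    while :; do
        case $rest in
            *"$q"*) out=$out${rest%%"$q"*}"'\"'\"'"; rest=${rest#*"$q"} ;;
            *) break ;;
        esac
    done
    printf "'%s'" "$out$rest"
)

# Build a command line in which the command name and every argument
# are single-quoted, as the issue asks of the Bourne shell emitter.
build_cmdline() (
    line=
    for word in "$@"; do
        line="$line$(quote_single "$word") "
    done
    printf '%s' "${line% }"
)

# Constructed sample argument: a single quote plus a harmless command substitution.
sample="a'b \$(echo INJECTED)"

# Double-quoted emission: the shell expands $(...) before printf sees it.
printf 'naive : %s\n' "$(sh -c "printf '%s' $(quote_double_naive "$sample")")"
# Single-quoted emission: the argument reaches printf byte for byte.
printf 'strict: %s\n' "$(sh -c "$(build_cmdline printf '%s' "$sample")")"
```

The first line of output shows the substitution already evaluated (`a'b INJECTED`); the second shows the argument unchanged.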