CVE-2022-29599

CVE-2022-29599: Commandline class shell injection vulnerabilities

Vendor Apache Software Foundation
Product Apache Maven
Weakness CWE-116
Published May 23, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

Key dates

02Disclosure timeline

May 23, 2022 CVE published
August 3, 2024 Record updated