{"id":"ALSA-2022:1860","summary":"Moderate: maven:3.6 security and enhancement update","details":"Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.\n\nSecurity Fix(es):\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-01-30T02:22:34.371411Z","published":"2022-05-10T08:04:46Z","related":["CVE-2020-13956"],"references":[{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2022-1860.html"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-13956"}],"affected":[{"package":{"name":"aopalliance","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/aopalliance"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0-20.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"apache-commons-cli","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-cli"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-7.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"apache-commons-codec","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-codec"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.13-3.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"apache-commons-io","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-io"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.6-6.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"apache-commons-lang3","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-lang3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.9-4.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"atinject","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/atinject"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1-31.20100611svn86.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"cdi-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/cdi-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.1-3.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"geronimo-annotation","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/geronimo-annotation"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0-26.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"google-guice","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/google-guice"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.2-4.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"guava","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/guava"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"28.1-3.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"httpcomponents-client","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/httpcomponents-client"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.10-4.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"httpcomponents-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/httpcomponents-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.12-3.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"jansi","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jansi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.18-4.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"jcl-over-slf4j","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jcl-over-slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.28-3.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"jsoup","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jsoup"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.1-3.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"jsr-305","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jsr-305"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0-0.25.20130910svn.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"maven","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.6.2-7.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"maven-lib","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-lib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.6.2-7.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"maven-openjdk11","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-openjdk11"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.6.2-7.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"maven-openjdk17","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-openjdk17"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.6.2-7.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"maven-openjdk8","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-openjdk8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.6.2-7.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"maven-resolver","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-resolver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.1-3.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"maven-shared-utils","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-shared-utils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.1-0.4.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"maven-wagon","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-wagon"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.4-2.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"plexus-cipher","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-cipher"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7-17.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"plexus-classworlds","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-classworlds"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.0-4.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"plexus-containers-component-annotations","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-containers-component-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-2.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"plexus-interpolation","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-interpolation"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26-3.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"plexus-sec-dispatcher","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-sec-dispatcher"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-29.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"plexus-utils","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-utils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.0-3.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"sisu","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sisu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.4-2.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}},{"package":{"name":"slf4j","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.28-3.module_el8.6.0+2786+d7c38b21"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1860.json"}}],"schema_version":"1.7.3"}