{"id":"ALSA-2022:4798","summary":"Important: maven:3.5 security update","details":"The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-01-30T02:28:33.850550Z","published":"2022-05-30T11:39:15Z","related":["CVE-2022-29599"],"references":[{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2022-4798.html"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-29599"}],"affected":[{"package":{"name":"aopalliance","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/aopalliance"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0-17.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"apache-commons-cli","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-cli"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-4.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"apache-commons-codec","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-codec"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.11-3.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"apache-commons-io","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-io"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.6-3.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"apache-commons-lang3","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-lang3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7-3.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"apache-commons-logging","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-logging"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2-13.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"atinject","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/atinject"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1-28.20100611svn86.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"cdi-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/cdi-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2-8.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"geronimo-annotation","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/geronimo-annotation"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0-23.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"glassfish-el-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/glassfish-el-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.1-0.7.b08.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"google-guice","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/google-guice"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1-11.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"guava20","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/guava20"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20.0-8.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"hawtjni-runtime","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/hawtjni-runtime"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16-2.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"httpcomponents-client","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/httpcomponents-client"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.5-5.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"httpcomponents-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/httpcomponents-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.10-3.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"jansi","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jansi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.1-1.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"jansi","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jansi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.1-1.module_el8.0.0+6044+f3cbc35d"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"jansi-native","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jansi-native"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7-7.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"jboss-interceptors-1.2-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jboss-interceptors-1.2-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0-8.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"jcl-over-slf4j","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jcl-over-slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.25-4.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"jsoup","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jsoup"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.11.3-3.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.5.4-5.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-lib","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-lib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.5.4-5.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-resolver-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-resolver-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1-2.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-resolver-connector-basic","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-resolver-connector-basic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1-2.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-resolver-impl","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-resolver-impl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1-2.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-resolver-spi","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-resolver-spi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1-2.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-resolver-transport-wagon","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-resolver-transport-wagon"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1-2.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-resolver-util","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-resolver-util"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1-2.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-shared-utils","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-shared-utils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.1-0.2.module_el8.6.0+2902+097a4293"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-wagon-file","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-wagon-file"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.0-1.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-wagon-http","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-wagon-http"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.0-1.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-wagon-http-shared","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-wagon-http-shared"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.0-1.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"maven-wagon-provider-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/maven-wagon-provider-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.0-1.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"plexus-cipher","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-cipher"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7-14.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"plexus-classworlds","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-classworlds"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.2-9.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"plexus-containers-component-annotations","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-containers-component-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.1-8.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"plexus-interpolation","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-interpolation"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22-9.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"plexus-sec-dispatcher","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-sec-dispatcher"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-26.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"plexus-utils","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/plexus-utils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.0-3.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"sisu-inject","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sisu-inject"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.3.3-6.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"sisu-plexus","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sisu-plexus"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.3.3-6.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"slf4j","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.25-4.module_el8.6.0+2752+f1f3449e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}},{"package":{"name":"slf4j","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.25-4.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:4798.json"}}],"schema_version":"1.7.3"}