USN-5245-1: Apache Maven vulnerability
18 August 2022
Apache Maven could be made to crash or run programs if it received specially crafted input.
- maven - Java software project management and comprehension tool
It was discovered that Apache Maven followed repositories that are defined in a
dependency's Project Object Model (pom) even if the repositories weren't
encrypted (http protocol). An attacker could use this vulnerability to take
over a repository, execute arbitrary code or cause a denial of service.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
- USN-5805-1: libmaven3-core-java, maven