USN-5805-1: Apache Maven vulnerability
16 January 2023
Apache Maven could be made to crash or run programs if it received specially crafted input.
- maven - Java software project management and comprehension tool
It was discovered that Apache Maven followed repositories that are defined
in a dependency’s Project Object Model (pom) even if the repositories
weren't encryptedh (http protocol). An attacker could use this
vulnerability to take over a repository, execute arbitrary code or cause a
denial of service.
- USN-5245-1: maven, libmaven3-core-java