advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard
verified publisher icon github

[GHSA-8vhq-qq4p-grq3] OS Command Injection in Plexus-utils

Open SunBK201 opened this issue 1 year ago • 1 comments

Updates

  • Affected products

Comments According to Patch, this vulnerability was introduced from 1.4.1.

SunBK201 avatar Jun 05 '24 14:06 SunBK201

Hi @SunBK201, I was unable to find anything at https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41 that indicates org.codehaus.plexus:plexus-utils first became vulnerable in version 1.4.1. Are there other commits that you examined to reach this conclusion?

shelbyc avatar Jun 05 '24 16:06 shelbyc