CVE-2022-29599 – Commandline class shell injection vulnerabilities

https://notcve.org/view.php?id=CVE-2022-29599

27 Apr 2022 — In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. En Apache Maven maven-shared-utils versiones anteriores a 3.3.3, la clase Commandline puede emitir cadenas con comillas dobles sin un escape apropiado, permitiendo ataques de inyección de shell A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection atta... • http://www.openwall.com/lists/oss-security/2022/05/23/3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-116: Improper Encoding or Escaping of Output •