Command Injection Vulnerability in Plexus-utils by Codehaus
CVE-2017-1000487

9.8CRITICAL

Key Information:

Vendor

Plexus-utils Project

Status
Plexus-utils
Vendor
CVE Published:
3 January 2018

What is CVE-2017-1000487?

The Plexus-utils library prior to version 3.0.16 has a vulnerability that allows for command injection attacks due to improper processing of double quoted strings. This flaw can be exploited by attackers to execute arbitrary commands on systems utilizing affected versions of the library. It is crucial for users of Plexus-utils to upgrade to the latest version to ensure security against potential exploitation.

References

https://access.redhat.com/errata/RHSA-2018:1322
vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018/01/msg0...
mailing-listx_refsource_MLIST
https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522
x_refsource_MISC

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2017-1000487 : Command Injection Vulnerability in Plexus-utils by Codehaus