Vulnerability

CVE-2017-1000487

 Report advisory or correction

CVSS Score 9.8 critical

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78

References

https://access.redhat.com/security/cve/cve-2017-1000487
https://issues.apache.org/jira/browse/MSHARED-297
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000487

[CVE-2017-1000487] CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

See org.codehaus.plexus/plexus-utils package information