alsa-2022:1861
Vulnerability from osv_almalinux
Published
2022-05-10 08:04
Modified
2022-05-10 08:04
Summary
Moderate: maven:3.5 security update
Details
Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.
Security Fix(es):
- apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aopalliance"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0-17.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "apache-commons-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4-4.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "apache-commons-codec"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11-3.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "apache-commons-io"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.6-3.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "apache-commons-lang3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7-3.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "apache-commons-logging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2-13.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "atinject"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1-28.20100611svn86.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cdi-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2-8.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "geronimo-annotation"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0-23.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "glassfish-el-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.1-0.7.b08.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "google-guice"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1-11.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "guava20"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20.0-8.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "hawtjni-runtime"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16-2.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "httpcomponents-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.5-5.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "httpcomponents-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.4.10-3.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "jansi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.1-1.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "jansi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.1-1.module_el8.0.0+6044+f3cbc35d"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "jansi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.1-1.module_el8.4.0+2250+516cbbff"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "jansi-native"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7-7.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "jboss-interceptors-1.2-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-8.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "jcl-over-slf4j"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.25-4.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "jsoup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.3-3.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:3.5.4-5.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-lib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:3.5.4-5.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-resolver-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.1.1-2.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-resolver-connector-basic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.1.1-2.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-resolver-impl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.1.1-2.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-resolver-spi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.1.1-2.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-resolver-transport-wagon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.1.1-2.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-resolver-util"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.1.1-2.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-shared-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.1-0.1.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-wagon-file"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-1.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-wagon-http"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-1.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-wagon-http-shared"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-1.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "maven-wagon-provider-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-1.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "plexus-cipher"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7-14.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "plexus-classworlds"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.2-9.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "plexus-containers-component-annotations"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.1-8.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "plexus-interpolation"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.22-9.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "plexus-sec-dispatcher"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4-26.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "plexus-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-3.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "sisu-inject"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.3.3-6.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "sisu-plexus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.3.3-6.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "slf4j"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.25-4.module_el8.6.0+2752+f1f3449e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "slf4j"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.25-4.module_el8.5.0+2577+9e95fe00"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project\u0027s build, reporting and documentation from a central piece of information.\n\nSecurity Fix(es):\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2022:1861",
"modified": "2022-05-10T08:04:46Z",
"published": "2022-05-10T08:04:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-1861.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-13956"
}
],
"related": [
"CVE-2020-13956"
],
"summary": "Moderate: maven:3.5 security update"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…