CVE-2017-1000487

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

Published Jan 9, 2018

CVSS ScoreCritical

9.8

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

Published Jan 9, 2018

CVSS ScoreCritical

9.8

CVE ID: CVE-2017-1000487
CWE: CWE-78
CVE Description: Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
Published: Jan 9, 2018
CVSS Score & Severity: 9.8Critical
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 7.798%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/codehaus/plexus/util/cli/Commandline.execute()Ljava/lang/Process;
JVM
Affected Ecosystems: affected
Source: National Vulnerability Database
References: Red Hat · Security advisoryTHIRD_PARTY
Apache Jira · MSHARED-297THIRD_PARTY

CVE ID: CVE-2017-1000487
CWE: CWE-78
CVE Description: Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
Published: Jan 9, 2018
CVSS Score & Severity: 9.8Critical
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 7.798%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/codehaus/plexus/util/cli/Commandline.execute()Ljava/lang/Process;
JVM
Affected Ecosystems: affected
Source: National Vulnerability Database
References: Red Hat · Security advisoryTHIRD_PARTY
Apache Jira · MSHARED-297THIRD_PARTY

Find vulnerabilities. Fix fast with AI.