Found by Veracode scan (score 9.8): https://saas.whitesourcesoftware.com/Wss/WSS.html#!libraryDetails;uuid=31a4bf00-65b8-4f87-9206-5cb283bf095d;project=1013379
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000487
"Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings."
Dependency hierarchy ("<-" = "brings in"):
Share <- spring-surf 6.11 <- maven-artifact 3.0.3 <- plexus-utils 2.0.6
- Depended on by
SHA-2301 [Spike] Investigate the security issues with CVSS 3 Score >= 9.5 on Share, Surf, Webscripts and Aikau
- Done