CVE-2017-1000487

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Plexus-utils versions prior to 3.0.16

Description The issue arises from the incorrect processing of double quoted strings, leading to command injection. This could allow a remote attacker to execute arbitrary commands.

Recommendations For versions prior to 3.0.16, update to version 3.0.16 or later to resolve the issue. As a temporary workaround, consider restricting the use of double quoted strings in commands until a patch is applied.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2022-02758

CVE-2017-1000487

DLA-1236-1

DLA-1237-1

DSA-4146-1

DSA-4149-1

GHSA-8VHQ-QQ4P-GRQ3

SNYK-JAVA-ORGCODEHAUSPLEXUS-31522

Affected Products

Plexus-Utils

CVE-2017-1000487

Weakness Enumeration

Related Identifiers

Affected Products

References · 29