PT-2020-10391 · Mojohaus · Mojohaus Exec Maven Plugin

Published: 2020-01-06 · Updated: 2020-01-15 · CVE-2019-20343

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The MojoHaus Exec Maven plugin version 1.1.1

Description

The issue allows code execution via a crafted XML document. This is possible because a configuration element, within a plugin element, can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element.

Recommendations

For the MojoHaus Exec Maven plugin version 1.1.1, consider restricting the use of the executable element and arguments element within the plugin configuration to minimize the risk of exploitation.
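
One way to check a project against this recommendation, as an added example that is not part of the original advisory or the plugin's own code: a Python audit that parses a POM and reports every exec-maven-plugin configuration that sets an executable or arguments element. The sample POM, the function names and the finding format are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample POM (not from the advisory): one exec-maven-plugin entry
# configured inside an execution, plus an unrelated plugin that must be ignored.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins>
    <plugin>
      <artifactId>exec-maven-plugin</artifactId>
      <version>1.1.1</version>
      <executions><execution><configuration>
        <executable>/usr/bin/make</executable>
        <arguments><argument>-C</argument><argument>native</argument></arguments>
      </configuration></execution></executions>
    </plugin>
    <plugin>
      <artifactId>maven-compiler-plugin</artifactId>
      <configuration><source>1.8</source></configuration>
    </plugin>
  </plugins></build>
</project>"""

def local(tag):
    """Strip the XML namespace so namespaced and plain POMs are handled alike."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or '' if absent."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def audit_pom(pom_xml):
    """One finding per exec-maven-plugin <configuration> that sets <executable>
    or <argument>s, wherever the plugin is declared (build, profiles, ...)."""
    # For POMs from untrusted sources, parse with a hardened parser such as
    # defusedxml instead of the standard library parser used here.
    root = ET.fromstring(pom_xml)
    findings = []
    for plugin in (e for e in root.iter() if local(e.tag) == "plugin"):
        if child_text(plugin, "artifactId") != "exec-maven-plugin":
            continue
        for cfg in (e for e in plugin.iter() if local(e.tag) == "configuration"):
            exe = child_text(cfg, "executable")
            args = [(a.text or "").strip() for a in cfg.iter() if local(a.tag) == "argument"]
            if exe or args:
                findings.append({"version": child_text(plugin, "version"),
                                 "executable": exe, "arguments": args})
    return findings
```

The audit covers only the literal executable and arguments elements named in the description; values supplied through Maven properties or a parent POM need the effective POM to be reviewed.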

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2019-20343

Affected Products

Mojohaus Exec Maven Plugin