Talend Component Kit: TCOMP-1816

Apache Maven Shared Utils: OS Command Injection in Talend/component-runtime

Details

    • Work Item
    • Status: Done
    • Blocker
    • Resolution: Done
    • None
    • 1.1.27
    • None

    Description

      OS Command Injection in Talend/component-runtime (master)

      Issue Details

      • Vulnerability: OS Command Injection
      • Severity: High
      • Project: Talend/component-runtime
      • Branch: master
      • Scan Date: Unknown

      Issue Description

      maven-shared-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS via the Commandline class due to insecure validation and escaping of double-quoted strings.

      View more details

      and https://sca.analysiscenter.veracode.com/workspaces/WzzF47x/issues/vulnerabilities/51179269


            People

              emmanuel_g emmanuel gallois
              pteyssier pierre teyssier
              emmanuel gallois