Talend Component Kit / TCOMP-1816

Apache Maven Shared Utils: OS Command Injection in Talend/component-runtime


Details

    • Work Item
    • Resolution: Done
    • Blocker
    • 1.1.27
    • None
    • None

    Description

      OS Command Injection in Talend/component-runtime (master)

      Issue Details

      • Vulnerability: OS Command Injection
      • Severity: High
      • Project: Talend/component-runtime
      • Branch: master
      • Scan Date: Unknown

      Issue Description

      maven-shared-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS via the Commandline class due to insecure validation and escaping of double-quoted strings.

      View more details: https://sca.analysiscenter.veracode.com/workspaces/WzzF47x/issues/vulnerabilities/51179269


          People

            emmanuel_g emmanuel gallois
            pteyssier pierre teyssier
            emmanuel gallois