[TDI-45272] Apache Maven Shared Utils: OS Command Injection in Talend/cloud-components - Talend Open Integration Solution

Apply template

XML

Word

Printable

Details

Type: Work Item
Status: Done
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: connectors/1.17.0
Component/s: None
Labels:
- CN

Platform:
All
Epic Link:
Fix high CVE issues detected by Veracode/SourceClear
GreenHopper Ranking:
0|i1wt8b:
GreenHopper Ranking (Obsolete):
9223372036854775807
Project Size:
Small

Description

OS Command Injection in Talend/component-runtime (master)
Issue Details
Vulnerability: OS Command Injection
Severity: High
Project: Talend/component-runtime
Branch: master
Scan Date: Unknown
Issue Description
maven-shared-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS via the Commandline class due to insecure validation and escaping of double-quoted strings.

View more details

and https://sca.analysiscenter.veracode.com/workspaces/WzzF47x/issues/vulnerabilities/51179269

Attachments

Issue Links

opened Bug(s)

TCOMP-1816 Apache Maven Shared Utils: OS Command Injection in Talend/component-runtime

Done

Activity

People

Assignee:: pierre teyssier

Reporter:: emmanuel gallois

Fixed by:: Christophe LeSaec, Liang Xia

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26/Nov/20 12:13 PM

Updated:: 23/Dec/20 7:38 AM

Resolved:: 23/Dec/20 2:31 AM

Start date:: 26/Nov/2020

Time Tracking

Estimated:

Remaining:

Logged: