CVE-2017-1000487: OS Command Injection
Published Jan 3, 2018
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
Affected Software
8 affected components. Fixes available.
debian/plexus-utils2 (fixed versions: 3.1.1-1, 3.3.0-1, 3.4.2-1)
redhat/plexus-utils < 3.0.16 (fixed version: 3.0.16)
maven/org.codehaus.plexus:plexus-utils < 3.0.16 (fixed version: 3.0.16)
Codehaus-plexus Plexus-utils < 3.0.16
Debian Debian Linux = 7.0
Debian Debian Linux = 8.0
Debian Debian Linux = 9.0
Plexus-utils Project Plexus-utils < 3.0.16
Remediation
Patch Available
Event History
Jan 3, 2018
CVE Published (via MITRE, 08:00 PM)
Data Sourced (via MITRE, 08:00 PM): Description
Jan 9, 2018
Data Sourced (via Red Hat, 06:37 AM): Description, Severity, Affected Software
May 13, 2022
Advisory Published (via GitHub, 01:11 AM)
Frequently Asked Questions
1. What is the severity of CVE-2017-1000487?
CVE-2017-1000487 is classified as a command injection vulnerability that can potentially allow an attacker to execute arbitrary commands.
2. How do I fix CVE-2017-1000487?
To fix CVE-2017-1000487, upgrade to Plexus-utils version 3.0.16 or later.
3. Which versions of Plexus-utils are affected by CVE-2017-1000487?
Versions of Plexus-utils before 3.0.16 are affected by CVE-2017-1000487.
4. Does CVE-2017-1000487 affect Debian users?
Yes, users of Debian versions 7.0, 8.0, and 9.0 with affected Plexus-utils installations are vulnerable to CVE-2017-1000487.
5. What kind of attack can CVE-2017-1000487 facilitate?
CVE-2017-1000487 can facilitate remote command execution attacks, because Plexus-utils improperly processes double-quoted strings.