RHSA-2022:1861: Moderate: maven:3.5 security update
Published May 10, 2022
ยทUpdated
Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.Security Fix(es): apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
Affected Software
75 affected componentsFixes available
redhat/aopalliance<1.0-17.module+el8+2452+b359bfcd
1.0-17.module+el8+2452+b359bfcd
redhat/apache-commons-cli<1.4-4.module+el8+2452+b359bfcd
1.4-4.module+el8+2452+b359bfcd
redhat/apache-commons-codec<1.11-3.module+el8+2452+b359bfcd
1.11-3.module+el8+2452+b359bfcd
redhat/apache-commons-io<2.6-3.module+el8+2452+b359bfcd
2.6-3.module+el8+2452+b359bfcd
redhat/apache-commons-lang3<3.7-3.module+el8+2452+b359bfcd
3.7-3.module+el8+2452+b359bfcd
redhat/apache-commons-logging<1.2-13.module+el8+2452+b359bfcd
1.2-13.module+el8+2452+b359bfcd
redhat/atinject<1-28.20100611svn86.module+el8+2452+b359bfcd
1-28.20100611svn86.module+el8+2452+b359bfcd
redhat/cdi-api<1.2-8.module+el8+2452+b359bfcd
1.2-8.module+el8+2452+b359bfcd
redhat/geronimo-annotation<1.0-23.module+el8+2452+b359bfcd
1.0-23.module+el8+2452+b359bfcd
redhat/glassfish-el<3.0.1-0.7.b08.module+el8+2452+b359bfcd
3.0.1-0.7.b08.module+el8+2452+b359bfcd
redhat/google-guice<4.1-11.module+el8+2452+b359bfcd
4.1-11.module+el8+2452+b359bfcd
redhat/guava20<20.0-8.module+el8+2452+b359bfcd
20.0-8.module+el8+2452+b359bfcd
redhat/hawtjni<1.16-2.module+el8+2452+b359bfcd
1.16-2.module+el8+2452+b359bfcd
redhat/httpcomponents-client<4.5.5-5.module+el8.6.0+13298+7b5243c0
4.5.5-5.module+el8.6.0+13298+7b5243c0
redhat/httpcomponents-core<4.4.10-3.module+el8+2452+b359bfcd
4.4.10-3.module+el8+2452+b359bfcd
redhat/jansi<1.17.1-1.module+el8+2452+b359bfcd
1.17.1-1.module+el8+2452+b359bfcd
redhat/jansi-native<1.7-7.module+el8+2452+b359bfcd
1.7-7.module+el8+2452+b359bfcd
redhat/jboss-interceptors<1.2-api-1.0.0-8.module+el8+2452+b359bfcd
1.2-api-1.0.0-8.module+el8+2452+b359bfcd
redhat/jsoup<1.11.3-3.module+el8+2452+b359bfcd
1.11.3-3.module+el8+2452+b359bfcd
redhat/maven<3.5.4-5.module+el8+2452+b359bfcd
3.5.4-5.module+el8+2452+b359bfcd
redhat/maven-resolver<1.1.1-2.module+el8+2452+b359bfcd
1.1.1-2.module+el8+2452+b359bfcd
redhat/maven-shared-utils<3.2.1-0.1.module+el8+2452+b359bfcd
3.2.1-0.1.module+el8+2452+b359bfcd
redhat/maven-wagon<3.1.0-1.module+el8+2452+b359bfcd
3.1.0-1.module+el8+2452+b359bfcd
redhat/plexus-cipher<1.7-14.module+el8+2452+b359bfcd
1.7-14.module+el8+2452+b359bfcd
redhat/plexus-classworlds<2.5.2-9.module+el8+2452+b359bfcd
2.5.2-9.module+el8+2452+b359bfcd
redhat/plexus-containers<1.7.1-8.module+el8+2452+b359bfcd
1.7.1-8.module+el8+2452+b359bfcd
redhat/plexus-interpolation<1.22-9.module+el8+2452+b359bfcd
1.22-9.module+el8+2452+b359bfcd
redhat/plexus-sec-dispatcher<1.4-26.module+el8+2452+b359bfcd
1.4-26.module+el8+2452+b359bfcd
redhat/plexus-utils<3.1.0-3.module+el8+2452+b359bfcd
3.1.0-3.module+el8+2452+b359bfcd
redhat/sisu<0.3.3-6.module+el8+2452+b359bfcd
0.3.3-6.module+el8+2452+b359bfcd
redhat/slf4j<1.7.25-4.module+el8+2452+b359bfcd
1.7.25-4.module+el8+2452+b359bfcd
redhat/aopalliance<1.0-17.module+el8+2452+b359bfcd
1.0-17.module+el8+2452+b359bfcd
redhat/apache-commons-cli<1.4-4.module+el8+2452+b359bfcd
1.4-4.module+el8+2452+b359bfcd
redhat/apache-commons-codec<1.11-3.module+el8+2452+b359bfcd
1.11-3.module+el8+2452+b359bfcd
redhat/apache-commons-io<2.6-3.module+el8+2452+b359bfcd
2.6-3.module+el8+2452+b359bfcd
redhat/apache-commons-lang3<3.7-3.module+el8+2452+b359bfcd
3.7-3.module+el8+2452+b359bfcd
redhat/apache-commons-logging<1.2-13.module+el8+2452+b359bfcd
1.2-13.module+el8+2452+b359bfcd
redhat/atinject<1-28.20100611svn86.module+el8+2452+b359bfcd
1-28.20100611svn86.module+el8+2452+b359bfcd
redhat/cdi-api<1.2-8.module+el8+2452+b359bfcd
1.2-8.module+el8+2452+b359bfcd
redhat/geronimo-annotation<1.0-23.module+el8+2452+b359bfcd
1.0-23.module+el8+2452+b359bfcd
redhat/glassfish-el-api<3.0.1-0.7.b08.module+el8+2452+b359bfcd
3.0.1-0.7.b08.module+el8+2452+b359bfcd
redhat/google-guice<4.1-11.module+el8+2452+b359bfcd
4.1-11.module+el8+2452+b359bfcd
redhat/guava20<20.0-8.module+el8+2452+b359bfcd
20.0-8.module+el8+2452+b359bfcd
redhat/hawtjni-runtime<1.16-2.module+el8+2452+b359bfcd
1.16-2.module+el8+2452+b359bfcd
redhat/httpcomponents-client<4.5.5-5.module+el8.6.0+13298+7b5243c0
4.5.5-5.module+el8.6.0+13298+7b5243c0
redhat/httpcomponents-core<4.4.10-3.module+el8+2452+b359bfcd
4.4.10-3.module+el8+2452+b359bfcd
redhat/jansi<1.17.1-1.module+el8+2452+b359bfcd
1.17.1-1.module+el8+2452+b359bfcd
redhat/jboss-interceptors<1.2-api-1.0.0-8.module+el8+2452+b359bfcd
1.2-api-1.0.0-8.module+el8+2452+b359bfcd
redhat/jcl-over-slf4j<1.7.25-4.module+el8+2452+b359bfcd
1.7.25-4.module+el8+2452+b359bfcd
redhat/jsoup<1.11.3-3.module+el8+2452+b359bfcd
1.11.3-3.module+el8+2452+b359bfcd
redhat/maven<3.5.4-5.module+el8+2452+b359bfcd
3.5.4-5.module+el8+2452+b359bfcd
redhat/maven-lib<3.5.4-5.module+el8+2452+b359bfcd
3.5.4-5.module+el8+2452+b359bfcd
redhat/maven-resolver-api<1.1.1-2.module+el8+2452+b359bfcd
1.1.1-2.module+el8+2452+b359bfcd
redhat/maven-resolver-connector-basic<1.1.1-2.module+el8+2452+b359bfcd
1.1.1-2.module+el8+2452+b359bfcd
redhat/maven-resolver-impl<1.1.1-2.module+el8+2452+b359bfcd
1.1.1-2.module+el8+2452+b359bfcd
redhat/maven-resolver-spi<1.1.1-2.module+el8+2452+b359bfcd
1.1.1-2.module+el8+2452+b359bfcd
redhat/maven-resolver-transport-wagon<1.1.1-2.module+el8+2452+b359bfcd
1.1.1-2.module+el8+2452+b359bfcd
redhat/maven-resolver-util<1.1.1-2.module+el8+2452+b359bfcd
1.1.1-2.module+el8+2452+b359bfcd
redhat/maven-shared-utils<3.2.1-0.1.module+el8+2452+b359bfcd
3.2.1-0.1.module+el8+2452+b359bfcd
redhat/maven-wagon-file<3.1.0-1.module+el8+2452+b359bfcd
3.1.0-1.module+el8+2452+b359bfcd
redhat/maven-wagon-http<3.1.0-1.module+el8+2452+b359bfcd
3.1.0-1.module+el8+2452+b359bfcd
redhat/maven-wagon-http-shared<3.1.0-1.module+el8+2452+b359bfcd
3.1.0-1.module+el8+2452+b359bfcd
redhat/maven-wagon-provider-api<3.1.0-1.module+el8+2452+b359bfcd
3.1.0-1.module+el8+2452+b359bfcd
redhat/plexus-cipher<1.7-14.module+el8+2452+b359bfcd
1.7-14.module+el8+2452+b359bfcd
redhat/plexus-classworlds<2.5.2-9.module+el8+2452+b359bfcd
2.5.2-9.module+el8+2452+b359bfcd
redhat/plexus-containers-component-annotations<1.7.1-8.module+el8+2452+b359bfcd
1.7.1-8.module+el8+2452+b359bfcd
redhat/plexus-interpolation<1.22-9.module+el8+2452+b359bfcd
1.22-9.module+el8+2452+b359bfcd
redhat/plexus-sec-dispatcher<1.4-26.module+el8+2452+b359bfcd
1.4-26.module+el8+2452+b359bfcd
redhat/plexus-utils<3.1.0-3.module+el8+2452+b359bfcd
3.1.0-3.module+el8+2452+b359bfcd
redhat/sisu-inject<0.3.3-6.module+el8+2452+b359bfcd
0.3.3-6.module+el8+2452+b359bfcd
redhat/sisu-plexus<0.3.3-6.module+el8+2452+b359bfcd
0.3.3-6.module+el8+2452+b359bfcd
redhat/slf4j<1.7.25-4.module+el8+2452+b359bfcd
1.7.25-4.module+el8+2452+b359bfcd
redhat/jansi-native<1.7-7.module+el8+2452+b359bfcd
1.7-7.module+el8+2452+b359bfcd
redhat/jansi-native<1.7-7.module+el8+2452+b359bfcd
1.7-7.module+el8+2452+b359bfcd
redhat/jansi-native<1.7-7.module+el8+2452+b359bfcd.aa
1.7-7.module+el8+2452+b359bfcd.aa
Remediation
Event History
Feb 12, 2026
Advisory Published
via Red Hatยท03:11 PM
Data Sourced
via Red Hatยท03:11 PM
RemedyDescriptionAffected Software
Frequently Asked Questions
1
What is the severity of RHSA-2022:1861?
The severity of RHSA-2022:1861 is critical.
2
How do I fix RHSA-2022:1861?
To fix RHSA-2022:1861, update the affected packages to their latest versions as specified in the advisory.
3
What packages are affected by RHSA-2022:1861?
RHSA-2022:1861 affects multiple packages including apache-httpclient, maven, and various commons libraries.
4
Is there a workaround for RHSA-2022:1861?
There is no official workaround for RHSA-2022:1861; patching the affected software is recommended.
5
When was RHSA-2022:1861 released?
RHSA-2022:1861 was released on June 24, 2022.