CVE-2017-1000487

high-risk

Published 2018-01-03

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

Do I need to act?

7.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: cf317f9b4070c3c619e9ee75a3e38bea3ff621c1, b38a1b3a4352303e4312b2bb601a0d7ec6e28f41

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Plexus-Utils

Debian Linux

Debian Codehaus-Plexus

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1322

Patch https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb6...

Mailing List https://lists.debian.org/debian-lts-announce/2018/01/msg00010.html

Mailing List https://lists.debian.org/debian-lts-announce/2018/01/msg00011.html

Patch https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522

Third Party Advisory https://www.debian.org/security/2018/dsa-4146

Third Party Advisory https://www.debian.org/security/2018/dsa-4149

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1322

Patch https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb6...

Mailing List https://lists.debian.org/debian-lts-announce/2018/01/msg00010.html

Mailing List https://lists.debian.org/debian-lts-announce/2018/01/msg00011.html

Patch https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522

and 2 more references

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 10/34 · Low

Exposure 10/34 · Low