Vulnerability Description
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element).
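A defender's check for the configuration described above, as an added example that is not part of the advisory or the plugin's own code: it lists every exec-maven-plugin configuration in a POM that names an executable, so the program and its arguments can be reviewed before a build is run. The sample POM and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample POM (not from the advisory): one exec-maven-plugin entry
# that names a program, next to an unrelated plugin that should not be flagged.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins>
    <plugin>
      <groupId>org.codehaus.mojo</groupId>
      <artifactId>exec-maven-plugin</artifactId>
      <configuration>
        <executable>echo</executable>
        <arguments><argument>constructed</argument><argument>sample</argument></arguments>
      </configuration>
    </plugin>
    <plugin><artifactId>maven-compiler-plugin</artifactId></plugin>
  </plugins></build>
</project>"""

def _local(tag):
    """Drop the '{namespace}' prefix so namespaced and bare POMs both match."""
    return tag.rsplit("}", 1)[-1]

def _child(elem, name):
    return next((c for c in elem if _local(c.tag) == name), None)

def _text(elem):
    return (elem.text or "").strip() if elem is not None else ""

def audit_pom(pom_text):
    """List every exec-maven-plugin <configuration> that sets <executable>."""
    if "<!DOCTYPE" in pom_text:  # a POM needs no DTD; avoid entity expansion
        raise ValueError("DOCTYPE found; refusing to parse")
    findings = []
    for plugin in ET.fromstring(pom_text).iter():
        if _local(plugin.tag) != "plugin":
            continue
        if _text(_child(plugin, "artifactId")) != "exec-maven-plugin":
            continue
        # <configuration> can sit on the plugin or inside an <execution>.
        for cfg in plugin.iter():
            exe = _child(cfg, "executable")
            if _local(cfg.tag) != "configuration" or exe is None:
                continue
            args = _child(cfg, "arguments")
            findings.append({"executable": _text(exe),
                             "arguments": [_text(a) for a in (args if args is not None else [])]})
    return findings

if __name__ == "__main__":
    for f in audit_pom(SAMPLE_POM):
        print(f)
```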
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mojohaus | Exec Maven | 1.1.1 |
Related Weaknesses (CWE)
References
- https://drive.google.com/open?id=0B5UvrSwn4wuwTnNqSzZESjIwZHo5ZXhWdHh2T2Z0eWRCT1 (Third Party Advisory)
- https://drive.google.com/open?id=1GLs0d9IGArMVrlbEGbxgCjA1MuzIJk-3 (Third Party Advisory)
- https://www.mojohaus.org/exec-maven-plugin/ (Vendor Advisory)
FAQ
What is CVE-2019-20343?
CVE-2019-20343 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executa...
How severe is CVE-2019-20343?
CVE-2019-20343 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-20343?
Check the references section above for vendor advisories and patch information. Affected products include: Mojohaus Exec Maven.