Showing 1 - 6 of 6

CVE-2021-26291

Status Candidate

Overview

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html

Related Files

Red Hat Security Advisory 2024-0776-03: Posted Feb 13, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0776-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution, xss; systems | linux, redhat; advisories | CVE-2021-26291; SHA-256 | 066ec355713bdfb5d17ff8adb414021618bb7df8ac5b4fbee6ddd1731eff0030; Download | Favorite | View

Red Hat Security Advisory 2023-3198-01: Posted May 18, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-3198-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, deserialization, information leakage, and insecure permissions vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution, xss, csrf; systems | linux, redhat; advisories | CVE-2021-26291, CVE-2022-1471, CVE-2022-25857, CVE-2022-29599, CVE-2022-30953, CVE-2022-30954, CVE-2022-42889, CVE-2022-43401, CVE-2022-43402, CVE-2022-43403, CVE-2022-43404, CVE-2022-43405, CVE-2022-43406, CVE-2022-43407; SHA-256 | 90baa6d6f8737bc29288b3b786655a657c5e97ed240d5aeb004a1660ffaa76c6; Download | Favorite | View

Ubuntu Security Notice USN-5805-1: Posted Jan 17, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5805-1 - It was discovered that Apache Maven followed repositories that are defined in a dependency’s Project Object Model even if the repositories weren't encryptedh. An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service.; tags | advisory, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2021-26291; SHA-256 | a994e0c1fd7836e3a9df4f7c9e76467190a7cd448ff3e20b7b5b49e5f7837ec3; Download | Favorite | View

Red Hat Security Advisory 2022-1029-01: Posted Mar 23, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1029-01 - A micro version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include cross site scripting, denial of service, information leakage, and server-side request forgery vulnerabilities.; tags | advisory, denial of service, vulnerability, xss; systems | linux, redhat; advisories | CVE-2020-15522, CVE-2020-27218, CVE-2020-8908, CVE-2021-20293, CVE-2021-21349, CVE-2021-26291, CVE-2021-28168, CVE-2021-28170, CVE-2021-33813, CVE-2021-3690, CVE-2022-24407; SHA-256 | e1a2e4b551ccd5d032fc05c0712cca1e96b04eea7c46e8e7109f20f450bbd890; Download | Favorite | View

Red Hat Security Advisory 2022-1013-01: Posted Mar 23, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1013-01 - Red Hat Integration - Camel Extensions for Quarkus 2.2.1 serves as a replacement for 2.2 and includes security fixes. Issues addressed include code execution, denial of service, deserialization, information leakage, and memory leak vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution, memory leak; systems | linux, redhat; advisories | CVE-2020-15522, CVE-2020-8908, CVE-2021-22569, CVE-2021-2471, CVE-2021-26291, CVE-2021-28168, CVE-2021-28170, CVE-2021-30129, CVE-2021-37136, CVE-2021-37137, CVE-2021-40690, CVE-2021-41269, CVE-2021-4178, CVE-2021-42392; SHA-256 | d5cfb7d93bd17d4a300c3574ceea4314e4c04e0e4b82484593f5c02a870e2682; Download | Favorite | View

Red Hat Security Advisory 2021-3880-01: Posted Oct 20, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-3880-01 - This release of Red Hat build of Quarkus 2.2.3 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include an information leakage vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-28491, CVE-2021-20289, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-26291, CVE-2021-3642; SHA-256 | b29513db3b841e348c1c412387fb1dbe89dde6df1c0b96058ae480c121a6b7c3; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 52 files
Debian 22 files
LiquidWorm 15 files
Apple 9 files
Gentoo 8 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,166)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,960)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,989)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2021-26291

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems