Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Maven
(Apache)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 2 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-04-23 | CVE-2021-26291 | Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a... | Maven, Financial_services_analytical_applications_infrastructure, Goldengate_big_data_and_application_adapters, Quarkus | 9.1 | ||
2013-04-09 | CVE-2013-0253 | The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack. | Maven | N/A |