Known Vulnerabilities for Maven by Apache
Listed below are 3 of the newest known vulnerabilities associated with "Maven" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-37714 | jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may ... | 7.5 - HIGH | 2021-08-18 | 2023-11-07 |
| CVE-2021-26291 | Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising... | 9.1 - CRITICAL | 2021-04-23 | 2023-11-07 |
| CVE-2013-0253 | The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows re... | 5.8 - MEDIUM | 2013-04-09 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Maven | 3.0.5 | All | All | All |
| Application | Apache | Maven | 3.0.4 | All | All | All |
| Application | Apache | Maven | 3.0.3 | All | All | All |
| Application | Apache | Maven | 3.0.2 | All | All | All |
| Application | Apache | Maven | 3.0.1 | All | All | All |
| Application | Apache | Maven | 3.0 | All | All | All |