{"schema_version": "1.6.1", "id": "CVE-2022-29599", "summary": "Commandline class shell injection vulnerabilities", "details": "In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "maven-shared-utils"}, {"fixed": "3.3.3"}]}]}], "references": [{"type": "REPORT", "url": "https://issues.apache.org/jira/browse/MSHARED-297"}, {"type": "ADVISORY", "url": "https://github.com/apache/maven-shared-utils/pull/40"}]}