CVE-2021-26291

Origin Validation Error in maven/org.apache.maven/maven

Identifier

CVE-2021-26291

Package Slug

maven/org.apache.maven/maven

Vulnerability

Origin Validation Error

Description

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository.

Affected Versions

All versions before 3.8.1

Solution

Upgrade to version 3.8.1 or above.

Last Modified

2021-05-05

source