Predictable temporary file name leading to local arbitrary code execution
When a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.
Advisories for Maven/Jline/Jline package
2013
2012
XSS in the regular expression engine when processing invalid UTF-8 byte sequences
The regular expression engine in this package, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.