Strix
26.1K

CVE-2019-20343

CRITICALCVSS 9.8/10EPSS 2.41%

Last modified

CVE-2019-20343 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element).. EPSS estimates a 2.41% chance of exploitation in the next 30 days.

Description

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element).

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
2.41%

82.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
MojohausExec Maven1.1.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-20343?
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element).
How severe is CVE-2019-20343?
CVE-2019-20343 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 2.41% probability of exploitation in the next 30 days.
How do I fix CVE-2019-20343?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-20343?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST