Arbitrary Code Execution Vulnerability in MojoHaus Exec Maven Plugin 1.1.1

CVE-2019-20343 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element).
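
To review a POM for the configuration described above before building it, the following added example (not part of the advisory or of the plugin's own code) lists every `executable` and its `arguments` declared under an `exec-maven-plugin` entry. The function name `audit_pom` and the sample POM are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample POM (not from the advisory); tool name and flag are placeholders.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
 <build><plugins>
  <plugin>
   <groupId>org.codehaus.mojo</groupId>
   <artifactId>exec-maven-plugin</artifactId>
   <version>1.1.1</version>
   <executions><execution>
    <goals><goal>exec</goal></goals>
    <configuration>
     <executable>example-tool</executable>
     <arguments><argument>--example-flag</argument></arguments>
    </configuration>
   </execution></executions>
  </plugin>
  <plugin><artifactId>maven-compiler-plugin</artifactId></plugin>
 </plugins></build>
</project>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # '{ns}plugin' -> 'plugin'

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_pom(pom_xml):
    """Return one finding per <configuration> that sets <executable> under an
    exec-maven-plugin <plugin>, wherever it is declared (build, profiles, executions)."""
    # For POMs from untrusted sources, a hardened parser such as defusedxml is preferable.
    root = ET.fromstring(pom_xml)
    findings = []
    for plugin in root.iter():
        if _local(plugin.tag) != "plugin" or _child_text(plugin, "artifactId") != "exec-maven-plugin":
            continue
        for cfg in plugin.iter():
            exe = _child_text(cfg, "executable") if _local(cfg.tag) == "configuration" else None
            if exe is None:
                continue
            args = [a.text.strip() for a in cfg.iter() if _local(a.tag) == "argument" and a.text]
            findings.append({"version": _child_text(plugin, "version"),
                             "executable": exe, "arguments": args})
    return findings
```

A finding is a prompt for manual review rather than proof of malicious intent, and the scan covers only the file it is given: configuration inherited from a parent POM is not followed.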