CNVD-2021-36229
PUBLISHED
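Apache Maven is an application from the Apache Software Foundation (USA): a software project management and comprehension tool. Apache Maven has a security vulnerability: if a malicious actor takes over the repository, or is able to insert themselves into a position where they can pretend to be that repository, this creates a potential risk. No detailed vulnerability information is currently available.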
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Maven | * |
Exploit Intelligence
- https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E (circl)
- [maven-dev] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default (circl)
- [oss-security] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default (circl)
- [announce] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default (circl)
- [jena-dev] 20210428 FYI: Maven CVE-2021-26291 (circl)
- [jena-dev] 20210429 Re: FYI: Maven CVE-2021-26291 (circl)
- [myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix (circl)
- [kafka-jira] 20210520 [jira] [Created] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291 (circl)
- [kafka-dev] 20210520 [jira] [Created] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291 (circl)
- [kafka-jira] 20210520 [GitHub] [kafka] dongjinleekr opened a new pull request #10739: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291 (circl)
…and 45 more exploits
Timeline
- Feb 18, 2021 CVE Published
- Apr 7, 2022 PoC Published
- Oct 21, 2023 PoC Published
- Nov 17, 2024 PoC Published
- Apr 13, 2026 PoC Published
References
- https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E url
- [maven-dev] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default mailing-list
- [oss-security] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default mailing-list
- [announce] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default mailing-list
- [jena-dev] 20210428 FYI: Maven CVE-2021-26291 mailing-list
- [jena-dev] 20210429 Re: FYI: Maven CVE-2021-26291 mailing-list
- [myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix mailing-list
- [kafka-jira] 20210520 [jira] [Created] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291 mailing-list
- [kafka-dev] 20210520 [jira] [Created] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291 mailing-list
- [kafka-jira] 20210520 [GitHub] [kafka] dongjinleekr opened a new pull request #10739: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291 mailing-list
- [kafka-jira] 20210520 [jira] [Assigned] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291 mailing-list
- [kafka-jira] 20210521 [GitHub] [kafka] omkreddy merged pull request #10739: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291 mailing-list
- [kafka-dev] 20210521 [jira] [Resolved] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291 mailing-list
- [kafka-commits] 20210521 [kafka] branch 2.6 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291 mailing-list
- [kafka-commits] 20210521 [kafka] branch 2.8 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291 mailing-list
- [kafka-jira] 20210521 [jira] [Resolved] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291 mailing-list
- [kafka-commits] 20210521 [kafka] branch 2.7 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291 mailing-list
- [kafka-users] 20210617 vulnerabilities mailing-list
- [karaf-issues] 20210718 [jira] [Created] (KARAF-7224) Impact of CVE-2021-26291 on Karaf mailing-list
- [karaf-issues] 20210718 [jira] [Created] (KARAF-7223) Upgrade maven artifacts to mitigate CVE-2021-26291 mailing-list
…and 23 more