Apache Maven vulnerabilities

CVE-2021-26291 [CRITICAL] CWE-346 CVE-2021-26291: Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to n

CVE-2013-0253 [MEDIUM] CWE-16 CVE-2013-0253: The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificat The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.