It was discovered that Apache Maven followed repositories defined in a dependency’s Project Object Model (POM) even if the repositories weren't encrypted (plain http protocol). An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service.
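A check a build or review pipeline could run for the condition described above, as an added example that is not part of the original advisory: it lists the repository and plugin-repository entries in a POM whose URL uses plain http, including entries inside profiles and URLs given through a property. The function name and the sample POM (hosts, ids, property name) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample POM (hypothetical hosts and ids), not taken from a real project.
SAMPLE_POM = """
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><plugins.url>http://plugins.example.test/m2</plugins.url></properties>
  <repositories>
    <repository><id>central-tls</id><url>https://repo.example.test/maven2</url></repository>
    <repository><id>legacy</id><url>http://repo.example.test/maven2</url></repository>
  </repositories>
  <profiles><profile><id>ci</id>
    <pluginRepositories>
      <pluginRepository><id>plugins</id><url>${plugins.url}</url></pluginRepository>
    </pluginRepositories>
  </profile></profiles>
</project>
"""

def _local(tag):
    """Strip the XML namespace so POMs with and without xmlns are handled alike."""
    return tag.rsplit("}", 1)[-1]

def find_cleartext_repos(pom_xml):
    """Return (kind, id, url) for each repository entry resolved over plain http."""
    # For POMs from untrusted sources, prefer a hardened XML parser.
    root = ET.fromstring(pom_xml)
    # Properties declared in this POM, used to resolve ${name} placeholders in URLs.
    props = {_local(p.tag): (p.text or "").strip()
             for el in root.iter() if _local(el.tag) == "properties" for p in el}
    findings = []
    # Only children of <repositories>/<pluginRepositories> are resolution sources;
    # root.iter() also reaches the ones nested inside <profiles>.
    for container in root.iter():
        if _local(container.tag) not in ("repositories", "pluginRepositories"):
            continue
        for repo in container:
            fields = {_local(c.tag): (c.text or "").strip() for c in repo}
            url = re.sub(r"\$\{([^}]+)\}",
                         lambda m: props.get(m.group(1), m.group(0)),
                         fields.get("url", ""))
            if urlsplit(url).scheme == "http":
                findings.append((_local(repo.tag), fields.get("id", ""), url))
    return findings

if __name__ == "__main__":
    for kind, repo_id, url in find_cleartext_repos(SAMPLE_POM):
        print(f"{kind} '{repo_id}' uses cleartext transport: {url}")
```

Running it over the POM files of resolved dependencies, not only the project's own `pom.xml`, matches the case the advisory describes.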