Ubuntu Security Update USN-5805-1: Apache Maven vulnerability

[LinuxBot]

It was discovered that Apache Maven followed repositories that are defined in a dependency’s Project Object Model (pom) even if the repositories weren't encryptedh (http protocol). An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service.

Continue reading...