The Commandline class in plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
OpenDaylight in Red Hat OpenStack 8 & 9 is released as a technical preview and is unsupported.
Updated statement and status of Satellite 6
This issue affects the versions of plexus-utils as shipped with Red Hat Enterprise Linux 7 as well as Red Hat Satellite 6.0 and 6.1. Red Hat Satellite 6.2 and later do not ship plexus-utils, as such they are not affected by this vulnerability. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue has been addressed in the following products:
Red Hat JBoss Fuse
Via RHSA-2018:1322 https://access.redhat.com/errata/RHSA-2018:1322