TencentOS Server 4: plexus-archiver (TSSA-2024:0842)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0842 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

OESA-2025-1670 plexus-archiver security update

The Plexus project provides a full software stack for creating and executing software projects. It provides a number of pre-built components for common tasks and toolkits such as Jetty, Velocity, Hibernate, i18n, and many more. However, Plexus is also able to reuse your existing components writte...

CBL Mariner 2.0 Security Update: javapackages-bootstrap (CVE-2023-37460)

The version of javapackages-bootstrap installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-37460 advisory. - Plexis Archiver is a collection of Plexus components to create archives or extract archives ...

Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2024-608)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-608 advisory. Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for...

CVE-2023-37460 affecting package javapackages-bootstrap for versions less than 1.5.0-4

CVE-2023-37460 affecting package javapackages-bootstrap for versions less than 1.5.0-4. A patched version of the package is available...

CentOS 7 : plexus-archiver (RHSA-2023:6886)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6886 advisory. - Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to...

Important: Red Hat Security Advisory: plexus-archiver security update

An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

RHEL 7 : plexus-archiver (RHSA-2023:6886)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6886 advisory. The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can...

plexus-archiver security update

0:2.4.2-6 - Avoid override target symlink by standard file in AbstractUnArchiver - Fixes: CVE-2023-37460...

Amazon Linux 2023 : plexus-archiver, plexus-archiver-javadoc (ALAS2023-2023-421)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-421 advisory. Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for...

SUSE CVE-2023-37460

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

CVE-2023-37460 affecting package javapackages-bootstrap for versions less than 1.5.0-4

CVE-2023-37460 affecting package javapackages-bootstrap for versions less than 1.5.0-4. A patched version of the package is available...

CVE-2023-37460

CVE-2023-37460 affects Plexis Archiver (Plexus Archiver) prior to version 4.8.0. The issue arises when extracting archives with an entry that already exists as a symlink whose target does not exist; resolveFile() returns the symlink source instead of the target, allowing subsequent Files.newOutpu...