Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2026-1581)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1581 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute...

Important: javapackages-bootstrap

Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: javapackages-bootstrap Issue...

CVE-2026-24400 affecting package javapackages-bootstrap for versions less than 1.14.0-4

CVE-2026-24400 affecting package javapackages-bootstrap for versions less than 1.14.0-4. A patched version of the package is available...

AZL-75431 CVE-2026-24400 affecting package javapackages-bootstrap for versions less than 1.14.0-4

AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...

Azure Linux 3.0 Security Update: javapackages-bootstrap (CVE-2024-25710)

The version of javapackages-bootstrap installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25710 advisory. - Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons...

Low: javapackages-bootstrap

Issue Overview: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on...

CVE-2024-25710 affecting package javapackages-bootstrap for versions less than 1.14.0-2

CVE-2024-25710 affecting package javapackages-bootstrap for versions less than 1.14.0-2. A patched version of the package is available...

CVE-2021-26291 affecting package javapackages-bootstrap for versions less than 1.5.0-6

CVE-2021-26291 affecting package javapackages-bootstrap for versions less than 1.5.0-6. A patched version of the package is available...

CVE-2021-36373 affecting package javapackages-bootstrap for versions less than 1.5.0-6

CVE-2021-36373 affecting package javapackages-bootstrap for versions less than 1.5.0-6. A patched version of the package is available...

CVE-2021-36374 affecting package javapackages-bootstrap for versions less than 1.5.0-6

CVE-2021-36374 affecting package javapackages-bootstrap for versions less than 1.5.0-6. A patched version of the package is available...

Azure Linux 3.0 Security Update: ant / javapackages-bootstrap (CVE-2021-36374)

The version of ant / javapackages-bootstrap installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-36374 advisory. - When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant buil...

CBL Mariner 2.0 Security Update: ant / javapackages-bootstrap (CVE-2021-36374)

The version of ant / javapackages-bootstrap installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-36374 advisory. - When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant buil...

CBL Mariner 2.0 Security Update: javapackages-bootstrap (CVE-2023-37460)

The version of javapackages-bootstrap installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-37460 advisory. - Plexis Archiver is a collection of Plexus components to create archives or extract archives ...

Important: javapackages-bootstrap

Issue Overview: Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remot...

Important: javapackages-bootstrap

Issue Overview: Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remot...

Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2024-608)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-608 advisory. Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for...

CVE-2021-36374 affecting package javapackages-bootstrap for versions less than 1.14.0-2

CVE-2021-36374 affecting package javapackages-bootstrap for versions less than 1.14.0-2. An upgraded version of the package is available that resolves this issue...

CVE-2021-36373 affecting package javapackages-bootstrap for versions less than 1.14.0-2

CVE-2021-36373 affecting package javapackages-bootstrap for versions less than 1.14.0-2. An upgraded version of the package is available that resolves this issue...

CVE-2023-2976 affecting package javapackages-bootstrap for versions less than 1.5.0-5

CVE-2023-2976 affecting package javapackages-bootstrap for versions less than 1.5.0-5. An upgraded version of the package is available that resolves this issue...

Important: javapackages-bootstrap

Issue Overview: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. CVE-2024-25710 Affected Packages:...