6 matches found
ROOT-APP-MAVEN-CVE-2025-67030 CVE-2025-67030 in io.root.org.codehaus.plexus:plexus-utils - Patched by Root
Root has patched CVE-2025-67030 in the io.root.org.codehaus.plexus:plexus-utils package for Root:Maven. Multiple fixed versions available...
ROS-20240503-18
A vulnerability in the Apache Maven framework is related to the generation of double-quoted strings without proper escaping. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a shell-based attack.
maven:3.5 security update
...
Man-in-the-middle (MitM)
apache-maven is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists because it allows downloading code from external repositories via HTTP by default, resulting in a potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to preten...
CVE-2020-7904
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS...
aero.loretta:sdk-api-client (>=1.0.0 <=1.0.3), ai.entrolution:thylacine_2.13 (>=0.11.0 <=0.16.0) +9867 more potentially affected by CVE-2016-3720 via com.fasterxml.jackson.dataformat:jackson-dataformat-xml (>=2.0.0-RC2 <=2.7.3)
com.fasterxml.jackson.dataformat:jackson-dataformat-xml MAVEN version =2.0.0-RC2, =1.0.0, =0.11.0, =0.13.0, =0.5.1, =0.5.1, =0.5.1, =0.7.0, =0.6.1, =0.6.1, =0.7.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.10.0 and more. Source CVEs: CVE-2016-3720. Source advisory: OSV:GHSA-HMQ6-FRV3-4727...