ai.langsa:start-with-langsa-plugin (>=0.1 <=0.5), app.keyconnect.api:keyconnect-api (=1.0.0) +8319 more potentially affected by CVE-2021-26291 via org.apache.maven:maven-core (>=2.0 <=3.6.3)

org.apache.maven:maven-core MAVEN version =2.0, =0.1, =1.0.0, =1.1.1, =1.0.0, =3.0.1, =1.0, =4.1.0, =4.0.0, =4.0.10 and more Source cves: CVE-2021-26291 Source advisory: OSV:GHSA-2F88-5HG8-9X2X...

Arbitrary File Write

maven-core is vulnerable to arbitrary file writes. The application does not properly validate the destination filepath when during zip file extraction, allowing a malicious user to control the write destination and overwrite files...