TencentOS Server 4: plexus-archiver (TSSA-2024:0842)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0842 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CBL Mariner 2.0 Security Update: javapackages-bootstrap (CVE-2023-37460)

The version of javapackages-bootstrap installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-37460 advisory. - Plexis Archiver is a collection of Plexus components to create archives or extract archives ...

Important: javapackages-bootstrap

Issue Overview: Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remot...

Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2024-608)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-608 advisory. Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for...

CVE-2023-37460

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

Design/Logic Flaw

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

CVE-2023-37460

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

CVE-2023-37460

CVE-2023-37460 affects Plexis Archiver (Plexus Archiver) prior to version 4.8.0. The issue arises when extracting archives with an entry that already exists as a symlink whose target does not exist; resolveFile() returns the symlink source instead of the target, allowing subsequent Files.newOutpu...

CVE-2023-37460 Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

PT-2023-25975 · Unknown +1 · Plexis Archiver +1

Name of the Vulnerable Software and Affected Versions: Plexis Archiver versions prior to 4.8.0 Description: The issue arises when using AbstractUnArchiver for extracting an archive, potentially leading to arbitrary file creation and possibly remote code execution. This occurs when an archive entr...

Plexis Archiver 安全漏洞

archiver is a compression/decompression utility program. A security vulnerability exists in Plexis Archiver versions prior to 4.8.0, which stems from the fact that extracting archives using AbstractUnArchiver can lead to arbitrary file creation and remote code execution...