Important: plexus-archiver

Issue Overview: Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remot...

Directory traversal

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVE-2018-1002200

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

au.net.causal.maven.plugins:boxdb-maven-plugin (>=1.0 <=3.3), au.net.causal.maven.plugins:browserbox-maven-plugin (=1.0) +572 more potentially affected by CVE-2018-1002200 via org.codehaus.plexus:plexus-archiver (>=3.0 <=3.5)

org.codehaus.plexus:plexus-archiver MAVEN version =3.0, =1.0, =0.7.8, =0.6.0, =0.6.0, =0.6.0, =1.4.14, =1.2.1, =1.20, =0.0.3, =0.0.21, =0.0.3, =0.0.3, =0.0.3, =0.0.16 and more Source cves: CVE-2018-1002200 Source advisory: SNYK:JAVA-ORGCODEHAUSPLEXUS-31680...