79 matches found

Cvelist
added 2026/03/25 12:0 a.m. | 20 views

CVE-2025-67030

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

EPSS 0.00427
Exploits 0 | References 5
vulnersOsv
added 2026/03/25 12:0 a.m. | 4 views

at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2), au.com.acegi:xml-format-maven-plugin (>=4.0.1 <=4.1.0) +1991 more potentially affected by CVE-2025-67030 via org.codehaus.plexus:plexus-utils (>=4.0.0 <=4.0.2)

org.codehaus.plexus:plexus-utils MAVEN version =4.0.0, =9.1.1, =4.0.1, =0.0.1, =0.0.9, =0.4.0, =0.0.0, =1.9.2, =1.0.0-M5, =1.0.0-M6, =1.0.0-M1, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =1.0.0-M10 and more Source cves: CVE-2025-67030 Source advisory: SNYK:JAVA-ORGCODEHAUSPLEXUS-15766699...

CVSS 8.8 | AI score 5.8 | EPSS 0.00427
Exploits 0
Positive Technologies
added 2026/03/25 12:0 a.m. | 3 views

PT-2026-28076

Name of the Vulnerable Software and Affected Versions plexus-utils versions prior to 6d780b3378829318ba5c2d29547e0012d5b29642 Description A directory traversal issue exists in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils. This allows an attacker to execute arbitrary...

CVSS 8.8 | AI score 6.1 | EPSS 0.00427
Exploits 0 | References 24
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-3243

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.8 | EPSS 0.07798
Exploits 0 | References 17
Tenable Nessus
added 2025/03/04 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-1000487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. CVE-2017-1000487 Note...

CVSS 9.8 | AI score 7 | EPSS 0.07798
Exploits 0 | References 2
Tenable Nessus
added 2024/05/11 12:0 a.m. | 23 views

RHEL 7 : plexus-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - plexus-utils: Mishandled strings in Commandline class allow for command injection CVE-2017-1000487 Note that Nessus...

AI score 9.8 | EPSS 0.07798
Exploits 0 | References 1
OpenVAS
added 2024/03/08 12:0 a.m. | 13 views

Fedora: Security Advisory for plexus-utils (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 9.2 | EPSS 0.45835
Exploits 3 | References 2
vulnersOsv
added 2023/09/25 9:30 p.m. | 7 views

ai.libs.thirdparty:interruptible-meka (>=0.1.0 <=0.1.2), ai.rev.speechtotext:revai-java-sdk-speechtotext (>=1.0.0 <=1.4.0) +13295 more potentially affected by CVE-2022-4245 via org.codehaus.plexus:plexus-utils (>=1.0.4 <=3.0.23)

org.codehaus.plexus:plexus-utils MAVEN version =1.0.4, =0.1.0, =1.0.0, =2.1.0, =0.0.13, =1.13.3, =1.0.0, =1.1.1, =1.0.0, =1.0, =1.3 - at.makubi.maven.plugin:rpm-systemd-maven-plugin =1.0.1 - at.molindo:git-commit-id-plugin =2.1.10-alpha-1 and more Source cves: CVE-2022-4245 Source advisory:...

CVSS 4.3 | AI score 6.1 | EPSS 0.0006
Exploits 0
Rockylinux
added 2023/05/25 7:53 p.m. | 25 views

maven bug fix and enhancement update

An update is available for plexus-interpolation, httpcomponents-core, maven-wagon, maven, google-guice, jsoup, jansi, apache-commons-io, apache-commons-lang3, maven-shared-utils, plexus-utils, plexus-classworlds, jakarta-annotations, httpcomponents-client, apache-commons-codec, plexus-cipher,...

AI score 6.6
Exploits 0
Veracode
added 2022/12/21 1:11 a.m. | 22 views

Path Traversal

plexus-utils is vulnerable to Path Traversal. An attacker can access arbitrary files and directories stored on the file system through the extractFile function in Expand.java and manipulate files with dot-dot-slash ../ sequences and variations or by using absolute file paths...

CVSS 7.5 | AI score 6.4 | EPSS 0.00295
Exploits 0 | References 7 | Affected Software 1
IBM Security Bulletins
added 2022/06/03 2:32 p.m. | 33 views

Security Bulletin: Publicly disclosed vulnerabilities in Plexus-utils affect IBM Netezza Analytics

Summary Plexus-utils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2017-1000487 DESCRIPTION: Plexus-utils could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of...

CVSS 9.8 | AI score 1.9 | EPSS 0.07798
Exploits 0 | Affected Software 1
Rockylinux
added 2022/05/17 7:24 a.m. | 14 views

new packages: plexus-utils

An update is available for plexus-utils. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

AI score 2.2
Exploits 0
OSV
added 2022/05/13 1:11 a.m. | 0 views

GHSA-8VHQ-QQ4P-GRQ3 OS Command Injection in Plexus-utils

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS 9.8 | AI score 6.9 | EPSS 0.07798
Exploits 0 | References 17
vulnersOsv
added 2022/05/13 1:11 a.m. | 1 views

ai.libs.thirdparty:interruptible-meka (>=0.1.0 <=0.1.2), ai.rev.speechtotext:revai-java-sdk-speechtotext (>=1.0.0 <=1.4.0) +9774 more potentially affected by CVE-2017-1000487 via org.codehaus.plexus:plexus-utils (>=1.0.4 <=3.0.15)

org.codehaus.plexus:plexus-utils MAVEN version =1.0.4, =0.1.0, =1.0.0, =2.1.0, =1.0.0, =1.0.0, =1.0.0, =2.1.9, =2.1.9, =2.4.13 - au.com.turingg:turingg-files =0.0.1 and more Source cves: CVE-2017-1000487 Source advisory: OSV:GHSA-8VHQ-QQ4P-GRQ3...

CVSS 9.8 | AI score 6.9 | EPSS 0.07798
Exploits 0
Github Security Blog
added 2022/05/13 1:11 a.m. | 78 views

OS Command Injection in Plexus-utils

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS 9.8 | AI score 3 | EPSS 0.07798
Exploits 0 | References 17 | Affected Software 1
Rockylinux
added 2022/05/10 8:4 a.m. | 29 views

maven:3.6 security and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

CVSS 5.3 | AI score 6.2 | EPSS 0.00505
Exploits 1
Fedora
added 2022/05/08 2:4 a.m. | 37 views

[SECURITY] Fedora 34 Update: maven-shared-utils-3.2.1-0.9.fc34

This project aims to be a functional replacement for plexus-utils in Maven. It is not a 100% API compatible replacement though but a replacement with improvements: lots of methods got cleaned up, generics got added and we dropped a lot of unused code...

CVSS 9.8 | AI score 9.7 | EPSS 0.00255
Exploits 0
BDU FSTEC
added 2022/05/05 12:0 a.m. | 0 views

The vulnerability of the Plexus-utils package from the IBM Netezza Analytics extended analytics platform allows a hacker to execute arbitrary commands.

The vulnerability of the Plexus-utils package of the IBM Netezza Analytics extended analytics platform exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrar...

CVSS 10 | EPSS 0.07798
Exploits 0 | References 3 | Affected Software 2
Rockylinux
added 2021/05/18 6:21 a.m. | 18 views

3.6 bug fix and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

AI score 1.8
Exploits 0
Tenable Nessus
added 2020/12/16 12:0 a.m. | 86 views

JFrog < 7.11.1 Multiple Vulnerabilities

According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.11.1. It is, therefore, affected by multiple vulnerabilities: - A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This...

CVSS 9.8 | AI score 7.6 | EPSS 0.07798
Exploits 1 | References 5