293 matches found
[SECURITY] Fedora 40 Update: maven-shared-incremental-1.1-33.fc40
Various utility classes and plexus components for supporting incremental build functionality in maven plugins...
[SECURITY] Fedora 40 Update: maven-filtering-3.3.1-6.fc40
These Plexus components have been built from the filtering process/code in Maven Resources Plugin. The goal is to provide a shared component for all plugins that need to filter resources...
The vulnerability of the codehaus-plexus framework of Apache Maven is related to an incorrect restriction on XML references to external objects, which allows a hacker to execute arbitrary code.
The vulnerability of the codehaus-plexus framework of Apache Maven is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
CentOS 7 : plexus-archiver (RHSA-2023:6886)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6886 advisory. - Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to...
Oracle Linux 7 : plexus-archiver (ELSA-2023-6886)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6886 advisory. 0:2.4.2-6 - Avoid override target symlink by standard file in AbstractUnArchiver - Fixes: CVE-2023-37460 Tenable has extracted the preceding description block...
Important: Red Hat Security Advisory: plexus-archiver security update
An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
RHEL 7 : plexus-archiver (RHSA-2023:6886)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6886 advisory. The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can...
Amazon Linux 2023 : plexus-archiver, plexus-archiver-javadoc (ALAS2023-2023-421)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-421 advisory. Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for...
Important: plexus-archiver
Issue Overview: Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remot...
SUSE CVE-2018-1002200
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
plexus-archiver: Arbitrary File Creation in AbstractUnArchiver
A flaw was found in the Plexus Archiver. While using AbstractUnArchiver for extracting, an archive might lead to arbitrary file creation and possible remote code execution (RCE). Extracting an archive with an entry in the destination directory as a symbolic link whose target does not exist will...
Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security update
An update is now available for Migration Toolkit for Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Ubuntu 18.04 ESM : Plexus Archiver vulnerability (USN-4832-1)
The remote Ubuntu 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4832-1 advisory. It was discovered that Plexus Archiver incorrectly handled directory traversal during extraction. An attacker could possibly use this for a Zip-Slip attack. Tenab...
SUSE CVE-2023-37460
Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...
CVE-2023-37460
A flaw was found in the Plexus Archiver. While using AbstractUnArchiver for extracting, an archive might lead to arbitrary file creation and possible remote code execution (RCE). Extracting an archive with an entry in the destination directory as a symbolic link whose target does not exist will...
ai.libs.thirdparty:interruptible-meka (>=0.1.0 <=0.1.2), ai.rev.speechtotext:revai-java-sdk-speechtotext (>=1.0.0 <=1.4.0) +13296 more potentially affected by CVE-2022-4244 via org.codehaus.plexus:plexus-utils (>=1.0.4 <=3.0.23)
org.codehaus.plexus:plexus-utils MAVEN version =1.0.4, =0.1.0, =1.0.0, =2.1.0, =0.0.13, =1.13.3, =1.0.0, =1.1.1, =1.0.0, =1.0, =1.3 - at.makubi.maven.plugin:rpm-systemd-maven-plugin =1.0.1 - at.molindo:git-commit-id-plugin =2.1.10-alpha-1 and more Source cves: CVE-2022-4244 Source advisory:...
ai.libs.thirdparty:interruptible-meka (>=0.1.0 <=0.1.2), ai.rev.speechtotext:revai-java-sdk-speechtotext (>=1.0.0 <=1.4.0) +13296 more potentially affected by CVE-2022-4245 via org.codehaus.plexus:plexus-utils (>=1.0.4 <=3.0.23)
org.codehaus.plexus:plexus-utils MAVEN version =1.0.4, =0.1.0, =1.0.0, =2.1.0, =0.0.13, =1.13.3, =1.0.0, =1.1.1, =1.0.0, =1.0, =1.3 - at.makubi.maven.plugin:rpm-systemd-maven-plugin =1.0.1 - at.molindo:git-commit-id-plugin =2.1.10-alpha-1 and more Source cves: CVE-2022-4245 Source advisory:...
GHSA-JCWR-X25H-X5FH codehaus-plexus vulnerable to XML injection
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a -- sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection...
plexus-codehaus vulnerable to directory traversal
A flaw was found in plexus-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible t...
codehaus-plexus vulnerable to XML injection
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a -- sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection...