Lucene search

293 matches found

vulnersOsv
added 2023/07/25 5:20 p.m., 3 views

at.bestsolution:maven-osgi-package-plugin (=0.0.1), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.1.1) +3295 more potentially affected by CVE-2023-37460 via org.codehaus.plexus:plexus-archiver (>=1.0 <=4.7.1)

org.codehaus.plexus:plexus-archiver MAVEN version =1.0, =9.1.1, =1.0, =0.1-1, =1.0.0, =1.0.0, =0.7.6, =0.6.0, =0.6.0, =0.6.0, =0.8.0 and more. Source CVEs: CVE-2023-37460. Source advisory: OSV:GHSA-WH3P-FPHP-9H2M...

9.8 CVSS, 7.7 AI score, 0.37911 EPSS
Exploits: 1
RedHat Linux
added 2023/06/28 3:59 p.m., 3 views

codehaus-plexus: Directory Traversal

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash" (../) sequences and their variations or by using absolute file paths, it may be possib...

7.5 CVSS, 5.8 AI score, 0.00295 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2023/06/28 3:59 p.m., 2 views

codehaus-plexus: XML External Entity (XXE) Injection

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a -- sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection...

4.3 CVSS, 5.7 AI score, 0.0006 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2023/06/28 3:59 p.m., 51 views

Important: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.1 release security update

Red Hat Integration Camel K 1.10.1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A security update for Camel K 1.10.1 is now...

8.2 CVSS, 6.7 AI score, 0.00295 EPSS
Exploits: 3, References: 8
Rockylinux
added 2023/05/25 7:53 p.m., 39 views

maven bug fix and enhancement update

An update is available for plexus-interpolation, httpcomponents-core, maven-wagon, maven, google-guice, jsoup, jansi, apache-commons-io, apache-commons-lang3, maven-shared-utils, plexus-utils, plexus-classworlds, jakarta-annotations, httpcomponents-client, apache-commons-codec, plexus-cipher,...

6.6 AI score
Exploits: 0
RedHat Linux
added 2023/05/04 3:59 p.m., 11 views

codehaus-plexus: XML External Entity (XXE) Injection

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a -- sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection...

4.3 CVSS, 5.7 AI score, 0.0006 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2023/05/04 3:59 p.m., 4 views

codehaus-plexus: Directory Traversal

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash" (../) sequences and their variations or by using absolute file paths, it may be possib...

7.5 CVSS, 5.8 AI score, 0.00295 EPSS
Exploits: 0, References: 4
F5 Networks
added 2023/02/21 6:46 p.m., 95 views

K64709522: Multiple Zip Slip vulnerabilities

Security Advisory Description: CVE-2018-1002200: plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

6.5 CVSS, 5.9 AI score, 0.17577 EPSS
Exploits: 8
SUSE CVE
added 2023/02/15 3:30 a.m., 1 views

SUSE CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a -- sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection...

4.3 CVSS, 9 AI score, 0.0006 EPSS
Exploits: 0, References: 3
OpenVAS
added 2023/01/27 12:0 a.m., 12 views

Ubuntu: Security Advisory (USN-4832-1)

The remote host is missing an update for the...

5.5 CVSS, 5.5 AI score, 0.05466 EPSS
Exploits: 1, References: 2
Veracode
added 2022/12/21 1:11 a.m., 23 views

Path Traversal

plexus-utils is vulnerable to Path Traversal. An attacker can access arbitrary files and directories stored on the file system through the extractFile function in Expand.java and manipulate files with dot-dot-slash (../) sequences and variations or by using absolute file paths...

7.5 CVSS, 6.4 AI score, 0.00295 EPSS
Exploits: 0, References: 7, Affected Software: 1
RedhatCVE
added 2022/12/01 6:56 a.m., 34 views

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a -- sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection...

4.3 CVSS, 8.4 AI score, 0.0006 EPSS
Exploits: 0, References: 3
CNNVD
added 2022/12/01 12:0 a.m., 2 views

codehaus-plexus code issue vulnerability

codehaus-plexus is an open source collection of various utility classes. It can easily handle strings, files, command lines, XML, and more. codehaus-plexus has a security vulnerability that stems from XML External Entity (XXE) injection...

4.3 CVSS, 5.7 AI score, 0.0006 EPSS
Exploits: 0, References: 6
CNNVD
added 2022/12/01 12:0 a.m., 1 views

codehaus-plexus path traversal vulnerability

codehaus-plexus is an open source collection of various utility classes. It can easily handle strings, files, command line, XML, etc. A path traversal vulnerability exists in codehaus-plexus that stems from directory traversal...

7.5 CVSS, 7.4 AI score, 0.00295 EPSS
Exploits: 0, References: 6
HackRead
added 2022/10/03 1:57 p.m., 19 views

Meet Plexus, An AI-based Browser Security Solution from LayerX

By Waqas. With the increasing use of the internet, browser security has become an important issue. Malware, phishing, and adware…

2.1 AI score
Exploits: 0
IBM Security Bulletins
added 2022/06/03 2:32 p.m., 33 views

Security Bulletin: Publicly disclosed vulnerabilities in Plexus-utils affect IBM Netezza Analytics

Summary: Plexus-utils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2017-1000487. DESCRIPTION: Plexus-utils could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of...

9.8 CVSS, 1.9 AI score, 0.07798 EPSS
Exploits: 0, Affected Software: 1
OSV
added 2022/05/30 11:3 a.m., 3 views

OESA-2022-1684 maven-shared-utils security update

This package can be the functional replacement of plexus-utils in Maven. At the same time, the package has many highlights, such as: a lot of methods got cleaned up, generics got added and a lot of unused code dropped. Security Fixes: In Apache Maven maven-shared-utils prior to version 3.3.3, th...

9.8 CVSS, 9.2 AI score, 0.00255 EPSS
Exploits: 0, References: 2
Rockylinux
added 2022/05/17 7:24 a.m., 15 views

new packages: plexus-utils

An update is available for plexus-utils. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

2.2 AI score
Exploits: 0
Rockylinux
added 2022/05/17 7:24 a.m., 4 views

new packages: plexus-sec-dispatcher

An update is available for plexus-sec-dispatcher. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the...

2.2 AI score
Exploits: 0
Rockylinux
added 2022/05/17 7:24 a.m., 7 views

new packages: plexus-interpolation

An update is available for plexus-interpolation. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Roc...

2.2 AI score
Exploits: 0