Lucene search
293 matches found

Rockylinux
added 2022/05/17 7:24 a.m. · 19 views

new packages: plexus-containers

An update is available for plexus-containers. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

AI score: 2.2
Exploits: 0

Rockylinux
added 2022/05/17 7:24 a.m. · 10 views

new packages: plexus-classworlds

An update is available for plexus-classworlds. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

AI score: 2.2
Exploits: 0

Rockylinux
added 2022/05/17 7:24 a.m. · 18 views

new packages: plexus-cipher

An update is available for plexus-cipher. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

AI score: 2.2
Exploits: 0

Github Security Blog
added 2022/05/13 1:35 a.m. · 21 views

Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVSS: 5.5 · AI score: 5.8 · EPSS: 0.05466
Exploits: 1 · References: 10 · Affected Software: 1

vulnersOsv
added 2022/05/13 1:35 a.m. · 3 views

at.bestsolution:maven-osgi-package-plugin (=0.0.1), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.1.1) +2070 more potentially affected by CVE-2018-1002200 via org.codehaus.plexus:plexus-archiver (>=1.0 <=3.5)

org.codehaus.plexus:plexus-archiver MAVEN version =1.0, =9.1.1, =1.0, =0.1-1, =0.7.8, =0.6.0, =0.6.0, =0.6.0, =1.4.14, =1.2.1, =0.9.0, =1.0.0, =ccbc95eb and more Source cves: CVE-2018-1002200 Source advisory: OSV:GHSA-HCXQ-X77Q-3469...

CVSS: 5.5 · AI score: 6.4 · EPSS: 0.05466
Exploits: 1

OSV
added 2022/05/13 1:35 a.m. · 23 views

GHSA-HCXQ-X77Q-3469 Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVSS: 5.5 · AI score: 5.5 · EPSS: 0.05466
Exploits: 1 · References: 10

OSV
added 2022/05/13 1:11 a.m. · 0 views

GHSA-8VHQ-QQ4P-GRQ3 OS Command Injection in Plexus-utils

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS: 9.8 · AI score: 6.9 · EPSS: 0.07798
Exploits: 0 · References: 17

vulnersOsv
added 2022/05/13 1:11 a.m. · 1 views

ai.libs.thirdparty:interruptible-meka (>=0.1.0 <=0.1.2), ai.rev.speechtotext:revai-java-sdk-speechtotext (>=1.0.0 <=1.4.0) +9775 more potentially affected by CVE-2017-1000487 via org.codehaus.plexus:plexus-utils (>=1.0.4 <=3.0.15)

org.codehaus.plexus:plexus-utils MAVEN version =1.0.4, =0.1.0, =1.0.0, =2.1.0, =1.0.0, =1.0.0, =1.0.0, =2.1.9, =2.1.9, =2.4.13 - au.com.turingg:turingg-files =0.0.1 and more Source cves: CVE-2017-1000487 Source advisory: OSV:GHSA-8VHQ-QQ4P-GRQ3...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.07798
Exploits: 0

Github Security Blog
added 2022/05/13 1:11 a.m. · 79 views

OS Command Injection in Plexus-utils

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS: 9.8 · AI score: 3 · EPSS: 0.07798
Exploits: 0 · References: 17 · Affected Software: 1

Rockylinux
added 2022/05/10 8:4 a.m. · 30 views

maven:3.6 security and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

CVSS: 5.3 · AI score: 6.2 · EPSS: 0.00505
Exploits: 1

Fedora
added 2022/05/08 2:4 a.m. · 38 views

[SECURITY] Fedora 34 Update: maven-shared-utils-3.2.1-0.9.fc34

This project aims to be a functional replacement for plexus-utils in Maven. It is not a 100% API compatible replacement though but a replacement with improvements: lots of methods got cleaned up, generics got added and we dropped a lot of unused code...

CVSS: 9.8 · AI score: 9.7 · EPSS: 0.00255
Exploits: 0

BDU FSTEC
added 2022/05/05 12:0 a.m. · 1 views

The vulnerability of the Plexus-utils package from the IBM Netezza Analytics extended analytics platform allows a hacker to execute arbitrary commands.

The vulnerability of the Plexus-utils package of the IBM Netezza Analytics extended analytics platform exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrar...

CVSS: 10 · AI score: 7.5 · EPSS: 0.07798
Exploits: 0 · References: 3 · Affected Software: 2

OpenVAS
added 2022/01/28 12:0 a.m. · 17 views

Mageia: Security Advisory (MGASA-2014-0056)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 5 · AI score: 6.6 · EPSS: 0.01834
Exploits: 1 · References: 5

OpenVAS
added 2022/01/28 12:0 a.m. · 17 views

Mageia: Security Advisory (MGASA-2019-0005)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 5.5 · AI score: 5.5 · EPSS: 0.05466
Exploits: 1 · References: 4

Rockylinux
added 2021/05/18 6:21 a.m. · 18 views

3.6 bug fix and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

AI score: 1.8
Exploits: 0

Ubuntu
added 2021/03/15 10:16 p.m. · 33 views

USN-4832-1: Plexus Archiver vulnerability

It was discovered that Plexus Archiver incorrectly handled directory traversal during extraction. An attacker could possibly use this for a Zip-Slip attack...

CVSS: 5.5 · AI score: 6.3 · EPSS: 0.05466
Exploits: 1

OSV
added 2021/03/15 10:16 p.m. · 0 views

USN-4832-1 plexus-archiver vulnerability

It was discovered that Plexus Archiver incorrectly handled directory traversal during extraction. An attacker could possibly use this for a Zip-Slip attack...

CVSS: 5.5 · AI score: 6.4 · EPSS: 0.05466
Exploits: 1 · References: 2

Positive Technologies
added 2021/03/10 12:0 a.m. · 3 views

PT-2022-7272 · Unknown · Codehaus-Plexus

Name of the Vulnerable Software and Affected Versions: codehaus-plexus (affected versions not specified). Description: A flaw was found in codehaus-plexus, where the org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment function fails to sanitize comments for a -- sequence. This issue means that te...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.00789
Exploits: 1 · References: 33

Tenable Nessus
added 2020/12/16 12:0 a.m. · 87 views

JFrog < 7.11.1 Multiple Vulnerabilities

According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.11.1. It is, therefore, affected by multiple vulnerabilities: - A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This...

CVSS: 9.8 · AI score: 7.6 · EPSS: 0.07798
Exploits: 1 · References: 5

IBM Security Bulletins
added 2020/10/01 12:33 p.m. · 34 views

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Plexus-utils (CVE-2017-1000487)

Summary: Plexus-utils could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input. By sending contents with double quoted strings, an attacker could exploit this vulnerability to execute arbitrary commands on the system...

CVSS: 9.8 · AI score: 3.3 · EPSS: 0.07798
Exploits: 0 · Affected Software: 1