293 matches found

Veracode
added 2018/05/07 9:10 a.m., 10 views

Arbitrary File Write

plexus-archive is vulnerable to arbitrary file write. The application does not properly handle the filename, allowing a malicious user to pass an archive file that can be extracted to an arbitrary directory on the system...

2.5 AI score
Exploits: 0

RedHat Linux
added 2018/05/03 7:4 p.m., 0 views

plexus-utils: Mishandled strings in Commandline class allow for command injection

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

9.8 CVSS, 5.8 AI score, 0.07798 EPSS
Exploits: 0, References: 4

Snyk
added 2018/04/17 9:0 p.m., 1 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: org.codehaus.plexus:plexus-archiver is a collection of Plexus components to create archives or extract files out of an archive to a directory with a unified Archiver/UnArchiver API, whatever the archive format is. Affected versions of the package are vulnerable to Arbitrary File Write via...

7.3 CVSS, 7.8 AI score, 0.05466 EPSS
Exploits: 1, References: 2

vulnersOsv
added 2018/04/17 9:0 p.m., 4 views

au.net.causal.maven.plugins:boxdb-maven-plugin (>=1.0 <=3.3), au.net.causal.maven.plugins:browserbox-maven-plugin (=1.0) +572 more potentially affected by CVE-2018-1002200 via org.codehaus.plexus:plexus-archiver (>=3.0 <=3.5)

org.codehaus.plexus:plexus-archiver MAVEN version =3.0, =1.0, =0.7.8, =0.6.0, =0.6.0, =0.6.0, =1.4.14, =1.2.1, =1.20, =0.0.3, =0.0.21, =0.0.3, =0.0.3, =0.0.3, =0.0.16 and more. Source CVEs: CVE-2018-1002200. Source advisory: SNYK:JAVA-ORGCODEHAUSPLEXUS-31680...

5.5 CVSS, 6.4 AI score, 0.05466 EPSS
Exploits: 1

Tenable Nessus
added 2018/03/23 12:0 a.m., 24 views

Debian DSA-4149-1 : plexus-utils2 - security update

Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...

9.8 CVSS, 7.7 AI score, 0.07798 EPSS
Exploits: 0, References: 4

Debian
added 2018/03/22 10:17 p.m., 26 views

[SECURITY] [DSA 4149-1] plexus-utils2 security update

Debian Security Advisory DSA-4149-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 22, 2018 https://www.debian.org/security/faq ...

9.8 CVSS, 9.6 AI score, 0.07798 EPSS
Exploits: 0

OSV
added 2018/03/22 12:0 a.m., 27 views

DSA-4149-1 plexus-utils2 - security update

Bulletin has no description...

9.8 CVSS, 9.3 AI score, 0.07798 EPSS
Exploits: 0

Tenable Nessus
added 2018/03/21 12:0 a.m., 30 views

Debian DSA-4146-1 : plexus-utils - security update

Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...

9.8 CVSS, 7.7 AI score, 0.07798 EPSS
Exploits: 0, References: 5

OpenVAS
added 2018/03/21 12:0 a.m., 45 views

Debian: Security Advisory (DSA-4149-1)

The remote host is missing an update for the Debian...

9.8 CVSS, 9.6 AI score, 0.07798 EPSS
Exploits: 0, References: 4

Debian
added 2018/03/20 8:23 p.m., 29 views

[SECURITY] [DSA 4146-1] plexus-utils security update

Debian Security Advisory DSA-4146-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2018 https://www.debian.org/security/faq ...

9.8 CVSS, 9.6 AI score, 0.07798 EPSS
Exploits: 0

OSV
added 2018/03/20 12:0 a.m., 36 views

DSA-4146-1 plexus-utils - security update

Bulletin has no description...

9.8 CVSS, 9.3 AI score, 0.07798 EPSS
Exploits: 0

OpenVAS
added 2018/03/19 12:0 a.m., 53 views

Debian: Security Advisory (DSA-4146-1)

The remote host is missing an update for the Debian...

9.8 CVSS, 9.6 AI score, 0.07798 EPSS
Exploits: 0, References: 4

OpenVAS
added 2018/01/11 12:0 a.m., 39 views

Debian: Security Advisory (DLA-1236-1)

The remote host is missing an update for the Debian...

9.8 CVSS, 9.6 AI score, 0.07798 EPSS
Exploits: 0, References: 3

OpenVAS
added 2018/01/11 12:0 a.m., 27 views

Debian: Security Advisory (DLA-1237-1)

The remote host is missing an update for the Debian...

9.8 CVSS, 9.6 AI score, 0.07798 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2018/01/10 12:0 a.m., 42 views

Debian DLA-1237-1 : plexus-utils2 security update

Charles Duffy discovered that the Commandline class in plexus-utils2, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject arbitrary shell commands. For Debian 7 'Wheezy', these problems have been...

9.8 CVSS, 7.8 AI score, 0.07798 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2018/01/10 12:0 a.m., 35 views

Debian DLA-1236-1 : plexus-utils security update

Charles Duffy discovered that the Commandline class in plexus-utils, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject arbitrary shell commands. For Debian 7 'Wheezy', these problems have been...

9.8 CVSS, 7.8 AI score, 0.07798 EPSS
Exploits: 0, References: 3

Debian
added 2018/01/09 10:5 p.m., 24 views

[SECURITY] [DLA 1237-1] plexus-utils2 security update

Package: plexus-utils2; Version: 2.0.5-1+deb7u1; CVE ID: CVE-2017-1000487. Charles Duffy discovered that the Commandline class in plexus-utils2, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject...

9.8 CVSS, 9.8 AI score, 0.07798 EPSS
Exploits: 0

Debian
added 2018/01/09 10:3 p.m., 28 views

[SECURITY] [DLA 1236-1] plexus-utils security update

Package: plexus-utils; Version: 1:1.5.15-4+deb7u1; CVE ID: CVE-2017-1000487. Charles Duffy discovered that the Commandline class in plexus-utils, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to injec...

9.8 CVSS, 9.8 AI score, 0.07798 EPSS
Exploits: 0

OSV
added 2018/01/09 12:0 a.m., 32 views

DLA-1237-1 plexus-utils2 - security update

Bulletin has no description...

9.8 CVSS, 9.3 AI score, 0.07798 EPSS
Exploits: 0

OSV
added 2018/01/09 12:0 a.m., 29 views

DLA-1236-1 plexus-utils - security update

Bulletin has no description...

9.8 CVSS, 9.3 AI score, 0.07798 EPSS
Exploits: 0