2 matches found
CVE-2018-1002200
CVE-2018-1002200 affects plexus-archiver prior to 3.6.0, which is vulnerable to a directory traversal (Zip-Slip) that lets an attacker write to arbitrary files when a crafted archive is extracted. Impact observed in multiple advisories: arbitrary file write/overwrite by exploiting zip entry path tr...
CVE-2023-37460
CVE-2023-37460 affects Plexus Archiver prior to version 4.8.0. The issue arises when extracting an archive containing an entry that already exists as a symlink whose target does not exist; resolveFile() returns the symlink source instead of the target, allowing subsequent Files.newOutpu...