4 matches found
CVE-2022-4245
CVE-2022-4245 concerns a flaw in codehaus-plexus where, in XmlWriterUtil, the method writeComment fails to sanitize a --> sequence. This allows text in a command string to be interpreted as XML, enabling XML injection. The available connected documents consistently describe this vulnerability...
CVE-2017-1000487
Plexus-utils (component: Plexus-utils library) is vulnerable in versions prior to 3.0.16 due to improper handling of contents inside double-quoted strings, enabling potential command injection. Affected product references indicate compatibility and remediation paths, with fixes available in 3.0.16 or...
CVE-2022-4244
CVE-2022-4244 covers a directory traversal flaw in codehaus-codehaus (Plexus-Utils). The vulnerability arises from improper handling of path traversal sequences (../ or absolute paths) that could allow access to arbitrary files on the filesystem. Affected products include IBM Cognos Controller (1...
CVE-2025-67030
CVE-2025-67030 is a directory traversal vulnerability in the Plexus Utils library (Expand.extractFile) that can lead to code execution. It affects plexus-utils versions prior to the patch 6d780b3378829318ba5c2d29547e0012d5b29642, with CVSS v3.1 base score 8.8 (HIGH). The connected vendor advisori...