VYPR

apk package

chainguard/maven-stage0

pkg:apk/chainguard/maven-stage0

Vulnerabilities (4)

  • CVE-2025-67030HigMar 25, 2026
    affected < 3.9.12-r4fixed 3.9.12-r4

    Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

  • CVE-2025-48924Jul 11, 2025
    affected < 3.9.12-r0fixed 3.9.12-r0

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowErr

  • CVE-2023-2976Jun 14, 2023
    affected < 3.9.12-r0fixed 3.9.12-r0

    Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to

  • CVE-2020-8908Dec 10, 2020
    affected < 3.9.12-r0fixed 3.9.12-r0

    A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the