VYPR

Maven package

org.codehaus.plexus/plexus-archiver

pkg:maven/org.codehaus.plexus/plexus-archiver

Vulnerabilities (2)

  • CVE-2023-37460Jul 25, 2023
    affected < 4.8.0fixed 4.8.0

    Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly

  • CVE-2018-1002200MedJul 25, 2018
    affected < 3.6.0fixed 3.6.0

    plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.