Maven package
org.codehaus.plexus/plexus-utils
pkg:maven/org.codehaus.plexus/plexus-utils
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-67030 | High | 8.8 | | >= 4.0.0, < 4.0.3 | 4.0.3 | Mar 25, 2026 | Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code |
| CVE-2022-4245 | — | | | < 3.0.24 | 3.0.24 | Sep 25, 2023 | A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. |
| CVE-2022-4244 | — | | | < 3.0.24 | 3.0.24 | Sep 25, 2023 | A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file pa |
| CVE-2017-1000487 | — | | | < 3.0.16 | 3.0.16 | Jan 3, 2018 | Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. |