CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

codehaus-plexus

plexus-utils

3 known vulnerabilities · sorted by CVSS score

CVE-2017-1000487

CRITICAL9.8

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

codehaus-plexus / plexus-utils+3

Network

Published Jan 3, 2018

CVE-2022-4244

HIGH7.5

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

codehaus-plexus / plexus-utils+1

Network

Published Sep 25, 2023

CVE-2022-4245

MEDIUM4.3

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

codehaus-plexus / plexus-utils+1

Network

Published Sep 25, 2023