Codehaus-Plexus Plexus-Archiver vulnerabilities

CVE-2023-37460 [CRITICAL] CWE-22 CVE-2023-37460: Plexis Archiver is a collection of Plexus components to create archives or extract archives to a dir Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that a

CVE-2018-1002200 [MEDIUM] CWE-22 CVE-2018-1002200: plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to ar plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.