Codehaus-Plexus Plexus-Utils vulnerabilities

4 known vulnerabilities affecting codehaus-plexus/plexus-utils.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2025-67030 | HIGH | CVSS 8.8 | fixed in 4.0.3 | 2026-03-25
CWE-22: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
nvd
CVE-2022-4244 | HIGH | CVSS 7.5 | fixed in 3.0.24 | 2023-09-25
CWE-22: A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on
nvd
CVE-2022-4245 | MEDIUM | CVSS 4.3 | fixed in 3.0.24 | 2023-09-25
CWE-91: A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
nvd
CVE-2017-1000487 | CRITICAL | CVSS 9.8 | fixed in 3.0.16 | 2018-01-03
CWE-78: Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
nvd