Homepage
About Snyk

org.apache.maven.plugins:maven-archetype-plugin@3.2.1 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.maven.plugins:maven-archetype-plugin package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Insecure Storage of Sensitive Information

Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information due to the insecure storage of sensitive information in the archetype-settings.xml file. An attacker can access sensitive data, such as credentials, by obtaining the published artifact that inadvertently includes this file.

Note:

This is only exploitable if the developer runs mvn verify again without a mvn clean, leading to the inclusion of sensitive files in the final artifact.

How to fix Insecure Storage of Sensitive Information?

Upgrade org.apache.maven.plugins:maven-archetype-plugin to version 3.3.0 or higher.

[3.2.1,3.3.0)
Go back to all versions of this package