4.0.2
19 years ago
3 months ago
Known vulnerabilities in the org.codehaus.plexus:plexus-utils package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
org.codehaus.plexus:plexus-utils is a collection of various utility classes to ease working with strings, files, command lines, XML and more. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. How to fix XML External Entity (XXE) Injection? Upgrade | [,3.0.24) |
An attacker could access arbitrary files and directories stored on the file system by manipulating files with Note: There is no indication that access to the filesystem beyond that of the application user can be achieved. So typical deployments will have only limited confidentiality impact from this vulnerability. | [,3.0.24) |
Affected versions of this package are vulnerable to Shell Command Injection. The Commandline class in plexus-utils does not correctly quote the contents of double-quoted strings. How to fix Shell Command Injection? Upgrade Codehaus Plexus to version | [,3.0.16) |