Описание
Plexus-Utils has a Directory Traversal vulnerability in its extractFile method
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-67030
- https://github.com/codehaus-plexus/plexus-utils/issues/294
- https://github.com/codehaus-plexus/plexus-utils/pull/295
- https://github.com/codehaus-plexus/plexus-utils/pull/296
- https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642
- https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec
- https://github.com/codehaus-plexus/plexus-utils/releases/tag/plexus-utils-4.0.3
Пакеты
Наименование
org.codehaus.plexus:plexus-utils
maven
Затронутые версииВерсия исправления
<= 4.0.2
4.0.3
