VulnerableCode Package Details - pkg:maven/org.codehaus.plexus/plexus-utils@3.0.16

Search for packages

Vulnerability	Summary	Fixed by
VCID-dk13-hzg5-n3cp Aliases: CVE-2022-4244 GHSA-g6ph-x5wf-g337	A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.	3.0.24 Affected by 0 other vulnerabilities.
VCID-dz4d-py2w-pfgb Aliases: CVE-2022-4245 GHSA-jcwr-x25h-x5fh	A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.	3.0.24 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-dk13-hzg5-n3cp
Aliases:
CVE-2022-4244
GHSA-g6ph-x5wf-g337

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

3.0.24
Affected by 0 other vulnerabilities.

VCID-dz4d-py2w-pfgb
Aliases:
CVE-2022-4245
GHSA-jcwr-x25h-x5fh

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

3.0.24
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-rhsf-bptr-pbaq		CVE-2017-1000487 GHSA-8vhq-qq4p-grq3

Vulnerability

Summary

Aliases

VCID-rhsf-bptr-pbaq

CVE-2017-1000487
GHSA-8vhq-qq4p-grq3

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:06:41.563106+00:00	GitLab Importer	Affected by	VCID-dk13-hzg5-n3cp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.codehaus.plexus/plexus-utils/CVE-2022-4244.yml	38.6.0
2026-06-12T19:06:39.443789+00:00	GitLab Importer	Affected by	VCID-dz4d-py2w-pfgb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.codehaus.plexus/plexus-utils/CVE-2022-4245.yml	38.6.0
2026-06-12T15:44:33.124869+00:00	GitLab Importer	Fixing	VCID-rhsf-bptr-pbaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.codehaus.plexus/plexus-utils/CVE-2017-1000487.yml	38.6.0
2026-06-12T08:25:00.335806+00:00	GithubOSV Importer	Fixing	VCID-rhsf-bptr-pbaq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8vhq-qq4p-grq3/GHSA-8vhq-qq4p-grq3.json	38.6.0
2026-06-11T20:29:40.530506+00:00	GHSA Importer	Fixing	VCID-rhsf-bptr-pbaq	https://github.com/advisories/GHSA-8vhq-qq4p-grq3	38.6.0