VulnerableCode Package Details - pkg:maven/org.codehaus.plexus/plexus-utils@3.0.24

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dk13-hzg5-n3cp	A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.	CVE-2022-4244 GHSA-g6ph-x5wf-g337
VCID-dz4d-py2w-pfgb	A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.	CVE-2022-4245 GHSA-jcwr-x25h-x5fh

Vulnerability

Summary

Aliases

VCID-dk13-hzg5-n3cp

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CVE-2022-4244
GHSA-g6ph-x5wf-g337

VCID-dz4d-py2w-pfgb

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CVE-2022-4245
GHSA-jcwr-x25h-x5fh

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:26:59.668866+00:00	GHSA Importer	Fixing	VCID-dz4d-py2w-pfgb	https://github.com/advisories/GHSA-jcwr-x25h-x5fh	38.6.0
2026-06-13T06:26:59.631358+00:00	GHSA Importer	Fixing	VCID-dk13-hzg5-n3cp	https://github.com/advisories/GHSA-g6ph-x5wf-g337	38.6.0
2026-06-12T15:47:04.907361+00:00	GitLab Importer	Fixing	VCID-dk13-hzg5-n3cp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.codehaus.plexus/plexus-utils/CVE-2022-4244.yml	38.6.0
2026-06-12T15:47:04.690960+00:00	GitLab Importer	Fixing	VCID-dz4d-py2w-pfgb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.codehaus.plexus/plexus-utils/CVE-2022-4245.yml	38.6.0
2026-06-12T07:57:12.106007+00:00	GithubOSV Importer	Fixing	VCID-dk13-hzg5-n3cp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-g6ph-x5wf-g337/GHSA-g6ph-x5wf-g337.json	38.6.0
2026-06-12T07:57:01.341328+00:00	GithubOSV Importer	Fixing	VCID-dz4d-py2w-pfgb	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-jcwr-x25h-x5fh/GHSA-jcwr-x25h-x5fh.json	38.6.0