VulnerableCode Package Details - pkg:deb/debian/plexus-utils2@3.1.1-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2upq-2rss-aaag	A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.	CVE-2022-4245 GHSA-jcwr-x25h-x5fh
VCID-zj3u-yaat-aaaj	A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.	CVE-2022-4244 GHSA-g6ph-x5wf-g337

Vulnerability

Summary

Aliases

VCID-2upq-2rss-aaag

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CVE-2022-4245
GHSA-jcwr-x25h-x5fh

VCID-zj3u-yaat-aaaj

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CVE-2022-4244
GHSA-g6ph-x5wf-g337

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T14:50:25.784933+00:00	Debian Oval Importer	Fixing	VCID-2upq-2rss-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T14:36:09.711703+00:00	Debian Oval Importer	Fixing	VCID-zj3u-yaat-aaaj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-08T12:41:45.053667+00:00	Debian Oval Importer	Fixing	VCID-zj3u-yaat-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T12:10:47.425282+00:00	Debian Oval Importer	Fixing	VCID-2upq-2rss-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T07:43:48.942662+00:00	Debian Oval Importer	Fixing	VCID-2upq-2rss-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T07:29:17.278625+00:00	Debian Oval Importer	Fixing	VCID-zj3u-yaat-aaaj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-04-12T18:28:32.377973+00:00	Debian Oval Importer	Fixing	VCID-zj3u-yaat-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:56:25.784640+00:00	Debian Oval Importer	Fixing	VCID-2upq-2rss-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T06:16:17.365408+00:00	Debian Oval Importer	Fixing	VCID-2upq-2rss-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T06:02:05.337719+00:00	Debian Oval Importer	Fixing	VCID-zj3u-yaat-aaaj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0