GHSA-g6ph-x5wf-g337

Suggest an improvement
Source
https://github.com/advisories/GHSA-g6ph-x5wf-g337
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-g6ph-x5wf-g337/GHSA-g6ph-x5wf-g337.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-g6ph-x5wf-g337
Aliases
Published
2023-09-25T21:30:26Z
Modified
2024-05-03T20:47:20.860017Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
plexus-codehaus vulnerable to directory traversal
Details

A flaw was found in plexus-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with dot-dot-slash (../) sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

Database specific
{
    "nvd_published_at": "2023-09-25T20:15:10Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-26T17:59:40Z"
}
References

Affected packages

Maven / org.codehaus.plexus:plexus-utils

Package

Name
org.codehaus.plexus:plexus-utils
View open source insights on deps.dev
Purl
pkg:maven/org.codehaus.plexus/plexus-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.24

Affected versions

1.*

1.0.4
1.0.5
1.1
1.2
1.3
1.4-alpha-1
1.4
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.5
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.10
1.5.11
1.5.12
1.5.13
1.5.14
1.5.15

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.1

3.*

3.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.20
3.0.21
3.0.22
3.0.23