org.codehaus.plexus:plexus-utils (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.codehaus.plexus:plexus-utils, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2017-1000487 — CVSS 9.8 (critical): Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
CVE-2025-67030 — CVSS 8.8 (high): Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before…
CVE-2022-4244 — CVSS 7.5 (high): A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories…
CVE-2022-4245 — CVSS 4.3 (medium): A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a -->…