Codehaus-plexus Plexus-utils — known CVE vulnerabilities
Every CVE whose affected-product data names Codehaus-plexus Plexus-utils, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2017-1000487 — CVSS 9.8 (critical): Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
CVE-2025-67030 — CVSS 8.8 (high): Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before…
CVE-2022-4244 — CVSS 7.5 (high): A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories…
CVE-2022-4245 — CVSS 4.3 (medium): A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a -->…