Skip to content

CVE-2022-4244 (Medium) detected in plexus-utils-2.0.4.jar #52

Open
Open
CVE-2022-4244 (Medium) detected in plexus-utils-2.0.4.jar#52
Labels
Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource

Description

@mend-bolt-for-github
mend-bolt-for-github
bot
opened on Jan 18, 2023

CVE-2022-4244 - Medium Severity Vulnerability

Vulnerable Library - plexus-utils-2.0.4.jar

A collection of various utility classes to ease working with strings, files, command lines, XML and more.

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.jar

Dependency Hierarchy:

  • maven-compiler-plugin-3.8.1.jar (Root Library)
    • maven-artifact-3.0.jar
      • plexus-utils-2.0.4.jar (Vulnerable Library)

Found in HEAD commit: 160e69822964b88ff887ba903106f5fc169a5abf

Found in base branch: main

Vulnerability Details

CVE-2022-4244 codehaus-plexus: Directory Traversal

Publish Date: 2022-12-01

URL: CVE-2022-4244

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-12-01

Fix Resolution: org.codehaus.plexus:plexus-utils:3.0.24

Step up your Open Source Security Game with Mend here

Metadata

Metadata

Assignees

No one assigned

    Labels

    Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions