Vulnerable Library - jacoco-maven-plugin-0.8.8.maven-plugin
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.jar,/home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.jar
Found in HEAD commit: 7746b460bb9dead8c0e3e96243b929b4ce1023ce
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
Details
WS-2016-7057
### Vulnerable Library - plexus-utils-3.0.22.jar
A collection of various utility classes to ease working with strings, files, command lines, XML and more.
Path to dependency file: /ectemplate-servicio-personas/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.jar,/home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.jar
Dependency Hierarchy:
- jacoco-maven-plugin-0.8.8.maven-plugin (Root Library)
  - :x: **plexus-utils-3.0.22.jar** (Vulnerable Library)
Found in HEAD commit: 7746b460bb9dead8c0e3e96243b929b4ce1023ce
Found in base branch: main
### Vulnerability Details
Plexus-utils before 3.0.24 are vulnerable to Directory Traversal
Publish Date: 2016-05-07
URL: WS-2016-7057
### CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Release Date: 2016-05-07
Fix Resolution: 3.0.24
WS-2016-7062
### Vulnerable Library - plexus-utils-3.0.22.jar
A collection of various utility classes to ease working with strings, files, command lines, XML and more.
Path to dependency file: /ectemplate-servicio-personas/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.jar,/home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.jar
Dependency Hierarchy:
- jacoco-maven-plugin-0.8.8.maven-plugin (Root Library)
  - :x: **plexus-utils-3.0.22.jar** (Vulnerable Library)
Found in HEAD commit: 7746b460bb9dead8c0e3e96243b929b4ce1023ce
Found in base branch: main
### Vulnerability Details
Security vulnerability found in plexus-utils before 3.0.24. XML injection found in XmlWriterUtil.java.
Publish Date: 2016-05-07
URL: WS-2016-7062
### CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None
### Suggested Fix
Type: Upgrade version
Release Date: 2016-05-07
Fix Resolution: 3.0.24
CVE-2022-4244
### Vulnerable Library - plexus-utils-3.0.22.jar
A collection of various utility classes to ease working with strings, files, command lines, XML and more.
Path to dependency file: /ectemplate-servicio-personas/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.jar,/home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.jar
Dependency Hierarchy:
- jacoco-maven-plugin-0.8.8.maven-plugin (Root Library)
  - :x: **plexus-utils-3.0.22.jar** (Vulnerable Library)
Found in HEAD commit: 7746b460bb9dead8c0e3e96243b929b4ce1023ce
Found in base branch: main
### Vulnerability Details
CVE-2022-4244 codehaus-plexus: Directory Traversal
Publish Date: 2022-12-01
URL: CVE-2022-4244
### CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: None
### Suggested Fix
Type: Upgrade version
Release Date: 2022-12-01
Fix Resolution: org.codehaus.plexus:plexus-utils:3.0.24
CVE-2022-4245
### Vulnerable Library - plexus-utils-3.0.22.jar
A collection of various utility classes to ease working with strings, files, command lines, XML and more.
Path to dependency file: /ectemplate-servicio-personas/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.jar,/home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.jar
Dependency Hierarchy:
- jacoco-maven-plugin-0.8.8.maven-plugin (Root Library)
  - :x: **plexus-utils-3.0.22.jar** (Vulnerable Library)
Found in HEAD commit: 7746b460bb9dead8c0e3e96243b929b4ce1023ce
Found in base branch: main
### Vulnerability Details
CVE-2022-4245 codehaus-plexus: XML External Entity (XXE) Injection
Publish Date: 2022-12-01
URL: CVE-2022-4245
### CVSS 3 Score Details (4.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: None
### Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.suse.com/show_bug.cgi?id=1205930
Release Date: 2022-12-01
Fix Resolution: org.codehaus.plexus:plexus-utils:3.0.24