org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
Summary
org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method. Red Hat rates this important (CVSS 8.3). Weakness: CWE-22. Affected package(s): eap8-jboss-logging, eap8-guava-failureaccess, eap8-activemq-artemis, eap8-netty-transport-native-epoll, eap8-reactivex-rxjava, eap8-wildfly-javadocs. Resolved in Red Hat advisory RHSA-2026:7109 — update the affected packages (`sudo dnf update`).
- eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap
- eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el9eap
- eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el9eap
- eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el9eap
- eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el9eap
- eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap
- eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap
- eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap
- eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el9eap
- plexus-utils
- eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap
- eap8-wildfly-openssl-el9-x86_64-0:2.3.0-1.Final_redhat_00001.1.el9eap
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- RHSA-2026:7109
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:7109 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.