ALSA-2026:38796

See a problem?
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:38796.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2026:38796
Related
Published
2026-07-13T00:00:00Z
Modified
2026-07-14T11:45:04.312893216Z
Summary
Important: plexus-utils security update
Details

The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an application server which is like a J2EE application server, without all the baggage.

Security Fix(es):

  • org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method (CVE-2025-67030)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / plexus-utils

Package

Name
plexus-utils
Purl
pkg:rpm/almalinux/plexus-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.0-14.el9_8

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:38796.json"