CVE-2022-4245
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-4245
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4245.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-4245
- Aliases
- Related
- Published
- 2023-09-25T20:15:10Z
- Modified
- 2024-10-12T23:48:45.710514Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
- References
Affected packages
Debian:11 / plexus-utils2
Package
- Name
- plexus-utils2
- Purl
- pkg:deb/debian/plexus-utils2?arch=source
Debian:12 / plexus-utils2
Package
- Name
- plexus-utils2
- Purl
- pkg:deb/debian/plexus-utils2?arch=source
Debian:13 / plexus-utils2
Package
- Name
- plexus-utils2
- Purl
- pkg:deb/debian/plexus-utils2?arch=source
Git / github.com/codehaus-plexus/plexus-utils
Affected ranges
- Type
- GIT
- Repo
- https://github.com/codehaus-plexus/plexus-utils
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
plexus-utils-2.*
plexus-utils-2.0.7
plexus-utils-2.1
plexus-utils-3.*
plexus-utils-3.0
plexus-utils-3.0.1
plexus-utils-3.0.10
plexus-utils-3.0.11
plexus-utils-3.0.12
plexus-utils-3.0.13
plexus-utils-3.0.14
plexus-utils-3.0.15
plexus-utils-3.0.16
plexus-utils-3.0.17
plexus-utils-3.0.18
plexus-utils-3.0.19
plexus-utils-3.0.2
plexus-utils-3.0.20
plexus-utils-3.0.21
plexus-utils-3.0.22
plexus-utils-3.0.23
plexus-utils-3.0.3
plexus-utils-3.0.4
plexus-utils-3.0.5
plexus-utils-3.0.6
plexus-utils-3.0.7
plexus-utils-3.0.8
plexus-utils-3.0.9