CESA-2018:1836 -- centos 7 plexus-archiverID: oval:org.secpod.oval:def:204834 | Date: (C)2018-06-19 (M)2023-08-10 |
Class: PATCH | Family: unix |
The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component provides functions to create and extract archives. Security Fix: * plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank Danny Grander for reporting this issue.