WS-2018-0137 (High) detected in plexus-archiver-2.1.jar

[mend-bolt-for-github]

WS-2018-0137 - High Severity Vulnerability

Vulnerable Library - plexus-archiver-2.1.jar

Path to vulnerable library: powerunit/powerunit/target/local-repo/org/codehaus/plexus/plexus-archiver/2.1/plexus-archiver-2.1.jar

Dependency Hierarchy:

• ❌ plexus-archiver-2.1.jar (Vulnerable Library)

Found in HEAD commit: 75dfa219d876a8a322ae476d144fa5cff6d50cef

Vulnerability Details

Plexus-Archiver prior to version 3.6.0 is vulnerable to path traversal issue in archive extraction.

Publish Date: 2018-05-06

URL: WS-2018-0137

CVSS 2 Score Details (8.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=WS-2018-0137

Release Date: 2018-01-26

Fix Resolution: 3.6.0

---

Step up your Open Source Security Game with WhiteSource here