Test ID:	1.3.6.1.4.1.25623.1.0.882911
Category:	CentOS Local Security Checks
Title:	CentOS Update for plexus-archiver CESA-2018:1836 centos7
Summary:	Check the version of plexus-archiver
Description:	Summary: Check the version of plexus-archiver Vulnerability Insight: The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component provides functions to create and extract archives. Security Fix(es): * plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-1002200) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Danny Grander (Snyk) for reporting this issue. Affected Software/OS: plexus-archiver on CentOS 7 Solution: Please install the updated packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-1002200 Debian Security Information: DSA-4227 (Google Search) https://www.debian.org/security/2018/dsa-4227 https://github.com/snyk/zip-slip-vulnerability https://snyk.io/research/zip-slip-vulnerability https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680 RedHat Security Advisories: RHSA-2018:1836 https://access.redhat.com/errata/RHSA-2018:1836 RedHat Security Advisories: RHSA-2018:1837 https://access.redhat.com/errata/RHSA-2018:1837
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.