CVE-2022-4245

Name of the Vulnerable Software and Affected Versions codehaus-plexus (affected versions not specified)

Description A flaw was found in codehaus-plexus, where the org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment function fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. The vulnerability is related to incorrect restriction of XML links to external objects, which may allow a remote attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.