{"id":"RHSA-2026:36012","summary":"Red Hat Security Advisory: maven:3.9 security update","modified":"2026-07-07T10:15:21.254742767Z","published":"2026-07-07T10:09:37Z","upstream":["CVE-2025-67030"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:36012"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451409"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36012.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-67030"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-67030"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67030"},{"type":"ARTICLE","url":"https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec"},{"type":"ARTICLE","url":"https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642"},{"type":"ARTICLE","url":"https://github.com/codehaus-plexus/plexus-utils/issues/294"},{"type":"ARTICLE","url":"https://github.com/codehaus-plexus/plexus-utils/pull/295"},{"type":"ARTICLE","url":"https://github.com/codehaus-plexus/plexus-utils/pull/296"}],"affected":[{"package":{"name":"aopalliance","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/aopalliance"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0-51.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"apache-commons-cli","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/apache-commons-cli"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.9.0-4.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"apache-commons-codec","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/apache-commons-codec"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.17.1-8.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"apache-commons-io","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/apache-commons-io"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.16.1-9.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"atinject","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/atinject"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.5-14.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"google-guice","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/google-guice"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.1.0-23.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"guava","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/guava"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:33.3.0-5.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"httpcomponents-client","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/httpcomponents-client"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.14-21.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"httpcomponents-core","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/httpcomponents-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.4.16-21.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"jakarta-annotations","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/jakarta-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.5-38.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"jansi","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/jansi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.1-12.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"jcl-over-slf4j","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/jcl-over-slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.36-9.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"jsr-305","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/jsr-305"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.0.2-36.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"maven","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/maven"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.9.9-12.module+el9.6.0+24382+3f72e30c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"maven-lib","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/maven-lib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.9.9-12.module+el9.6.0+24382+3f72e30c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"maven-openjdk11","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/maven-openjdk11"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.9.9-12.module+el9.6.0+24382+3f72e30c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"maven-openjdk17","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/maven-openjdk17"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.9.9-12.module+el9.6.0+24382+3f72e30c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"maven-openjdk21","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/maven-openjdk21"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.9.9-12.module+el9.6.0+24382+3f72e30c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"maven-openjdk8","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/maven-openjdk8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.9.9-12.module+el9.6.0+24382+3f72e30c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"maven-resolver","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/maven-resolver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.9.22-6.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"maven-shared-utils","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/maven-shared-utils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.4.2-19.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"maven-unbound","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/maven-unbound"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.9.9-12.module+el9.6.0+24382+3f72e30c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"maven-wagon","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/maven-wagon"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-17.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"plexus-cipher","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/plexus-cipher"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0-25.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"plexus-classworlds","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/plexus-classworlds"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8.0-9.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"plexus-containers","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/plexus-containers"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.0-10.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"plexus-containers-component-annotations","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/plexus-containers-component-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.0-10.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"plexus-interpolation","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/plexus-interpolation"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.27-10.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"plexus-sec-dispatcher","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/plexus-sec-dispatcher"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0-28.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"plexus-utils","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/plexus-utils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.1-17.module+el9.6.0+24382+3f72e30c.1"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"sisu","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/sisu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.9.0~M3-7.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}},{"package":{"name":"slf4j","ecosystem":"Red Hat:rhel_eus:9.6::appstream","purl":"pkg:rpm/redhat/slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.36-9.module+el9.6.0+22733+e520f63c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}]}