Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The affected method is org.codehaus.plexus.util.Expand.extractFile. The maven-invoker-plugin package does not use the Expand class, it uses: org.codehaus.plexus.util.introspection.ReflectionValueExtractor; org.codehaus.plexus.util.xml.XmlStreamReader; org.codehaus.plexus.util.xml.pull.XmlPullParserException; org.codehaus.plexus.util.DirectoryScanner; org.codehaus.plexus.util.FileUtils; org.codehaus.plexus.util.IOUtil; org.codehaus.plexus.util.InterpolationFilterReader; org.codehaus.plexus.util.NioFiles; org.codehaus.plexus.util.ReflectionUtils; org.codehaus.plexus.util.cli.CommandLineException; org.codehaus.plexus.util.cli.CommandLineUtils; org.codehaus.plexus.util.cli.Commandline; org.codehaus.plexus.util.cli.StreamConsumer; org.codehaus.plexus.util.xml.XmlStreamReader; org.codehaus.plexus.util.xml.XmlStreamWriter; org.codehaus.plexus.util.xml.Xpp3Dom; org.codehaus.plexus.util.xml.Xpp3DomWriter; org.codehaus.plexus.util.xml.XmlStreamReader; org.codehaus.plexus.util.xml.pull.XmlPullParserException; org.codehaus.plexus.util.IOUtil; org.codehaus.plexus.util.Os; org.codehaus.plexus.util.xml.XmlStreamReader; org.codehaus.plexus.util.xml.pull.XmlPullParserException;