CVE-2020-25020

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-25020

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25020.json

Aliases

GHSA-wcp5-m52f-mhh5

Published

2020-08-29T19:15:14Z

Modified

2023-11-29T08:15:58.188322Z

Details

MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.

References

https://github.com/joniles/mpxj/pull/178/commits/c3e457f7a16facfe563eade82b0fa8736a8c96f9
https://www.oracle.com/security-alerts/cpujan2021.html

Affected packages

Git / github.com/joniles/mpxj

Affected ranges

Type: GIT
Repo: https://github.com/joniles/mpxj
Events: Introduced

0The exact introduced commit is unknown

Last affected

a6e8a02787de24c1f90cba135aab7da9abd92bcb

Affected versions

v7.*

v7.0.0

v7.0.1

v7.0.2

v7.0.3

v7.1.0

v7.2.0

v7.2.1

v7.3.0

v7.4.0

v7.4.1

v7.4.2

v7.4.3

v7.4.4

v7.5.0

v7.6.0

v7.6.1

v7.6.2

v7.6.3

v7.7.0

v7.7.1

v7.8.0

v7.8.1

v7.8.2

v7.8.3

v7.8.4

v7.9.0

v7.9.1

v7.9.2

v7.9.3

v7.9.4

v7.9.5

v7.9.6

v7.9.7

v7.9.8

v8.*

v8.0.0

v8.0.2

v8.0.3

v8.0.4

v8.0.5

v8.0.6

v8.0.7

v8.0.8

v8.1.0

v8.1.1

v8.1.2

v8.1.3