An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
{ "nvd_published_at": "2023-08-28T22:15:09Z", "cwe_ids": [ "CWE-22", "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-08-29T17:41:26Z" }