GHSA-p9j6-4pjr-gp48

Source
https://github.com/advisories/GHSA-p9j6-4pjr-gp48
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/12/GHSA-p9j6-4pjr-gp48/GHSA-p9j6-4pjr-gp48.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-p9j6-4pjr-gp48
Aliases
Published
2020-12-18T18:28:23Z
Modified
2023-11-08T04:03:33.621104Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
MPXJ path traversal vulnerability
Details

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.

Database specific
{
    "nvd_published_at": "2020-12-14T23:15:00Z",
    "github_reviewed_at": "2020-12-17T23:15:51Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Maven / net.sf.mpxj:mpxj

Package

Name
net.sf.mpxj:mpxj
Purl
pkg:maven/net.sf.mpxj/mpxj

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.3.5

Affected versions

4.*

4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6

5.*

5.0.0
5.1.0
5.1.4
5.1.9
5.1.10
5.1.11
5.1.12
5.1.13
5.1.15
5.1.16
5.1.17
5.1.18
5.2.0
5.2.1
5.2.2
5.3.0
5.3.1
5.3.2
5.3.3
5.4.0
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.5.8
5.5.9
5.6.0
5.6.1
5.6.2
5.6.3
5.6.4
5.6.5
5.7.0
5.7.1
5.8.0
5.9.0
5.10.0
5.11.0
5.12.0
5.13.0
5.14.0

6.*

6.0.0
6.1.0
6.1.2
6.2.0

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.1.0
7.2.0
7.2.1
7.3.0
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.5.0
7.6.0
7.6.1
7.6.2
7.6.3
7.7.0
7.7.1
7.8.0
7.8.1
7.8.2
7.8.3
7.8.4
7.9.0
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.9.7
7.9.8

8.*

8.0.0
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.0.7
8.0.8
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.2.0
8.3.0
8.3.1
8.3.2
8.3.3
8.3.4