CVE-2024-49771
- EPSS 0.21%
- Veröffentlicht 28.10.2024 17:15:04
- Zuletzt bearbeitet 29.10.2024 14:34:50
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could b...
CVE-2022-41954
- EPSS 0.02%
- Veröffentlicht 25.11.2022 19:15:12
- Zuletzt bearbeitet 21.11.2024 07:24:08
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with ...
CVE-2020-35460
- EPSS 0.62%
- Veröffentlicht 14.12.2020 23:15:12
- Zuletzt bearbeitet 05.05.2025 17:16:00
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
CVE-2020-25020
- EPSS 1.52%
- Veröffentlicht 29.08.2020 19:15:14
- Zuletzt bearbeitet 05.05.2025 17:15:59
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.