GHSA-p9j6-4pjr-gp48

Suggest an improvement
Source
https://github.com/advisories/GHSA-p9j6-4pjr-gp48
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/12/GHSA-p9j6-4pjr-gp48/GHSA-p9j6-4pjr-gp48.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-p9j6-4pjr-gp48
Aliases
Published
2020-12-18T18:28:23Z
Modified
2023-11-01T04:53:02.636508Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
MPXJ path Traversal vulnerability
Details

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.

Database specific
{
    "nvd_published_at": "2020-12-14T23:15:00Z",
    "github_reviewed_at": "2020-12-17T23:15:51Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Maven / net.sf.mpxj:mpxj

Package

Name
net.sf.mpxj:mpxj
View open source insights on deps.dev
Purl
pkg:maven/net.sf.mpxj/mpxj

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.3.5

Affected versions

4.*

4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6

5.*

5.0.0
5.1.0
5.1.4
5.1.9
5.1.10
5.1.11
5.1.12
5.1.13
5.1.15
5.1.16
5.1.17
5.1.18
5.2.0
5.2.1
5.2.2
5.3.0
5.3.1
5.3.2
5.3.3
5.4.0
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.5.8
5.5.9
5.6.0
5.6.1
5.6.2
5.6.3
5.6.4
5.6.5
5.7.0
5.7.1
5.8.0
5.9.0
5.10.0
5.11.0
5.12.0
5.13.0
5.14.0

6.*

6.0.0
6.1.0
6.1.2
6.2.0

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.1.0
7.2.0
7.2.1
7.3.0
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.5.0
7.6.0
7.6.1
7.6.2
7.6.3
7.7.0
7.7.1
7.8.0
7.8.1
7.8.2
7.8.3
7.8.4
7.9.0
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.9.7
7.9.8

8.*

8.0.0
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.0.7
8.0.8
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.2.0
8.3.0
8.3.1
8.3.2
8.3.3
8.3.4