Description
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
Remediation
References
http://www.mpxj.org/changes-report.html#a8.3.5
https://github.com/joniles/mpxj/commit/8eaf4225048ea5ba7e59ef4556dab2098fcc4a1d
https://www.oracle.com/security-alerts/cpujan2021.html
Related Vulnerabilities
CVE-2018-1000194 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:protobufjs
CVE-2023-36472 Vulnerability in npm package @strapi/plugin-content-manager
CVE-2022-39263 Vulnerability in npm package @next-auth/upstash-redis-adapter
CVE-2013-4221 Vulnerability in maven package org.restlet:org.restlet