Description
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
Remediation
References
http://www.mpxj.org/changes-report.html#a8.3.5
https://github.com/joniles/mpxj/commit/8eaf4225048ea5ba7e59ef4556dab2098fcc4a1d
https://www.oracle.com/security-alerts/cpujan2021.html
Related Vulnerabilities
CVE-2022-36097 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui
CVE-2023-2195 Vulnerability in maven package org.jenkins-ci.plugins:codedx
CVE-2022-40309 Vulnerability in maven package org.apache.archiva:maven2-repository
CVE-2022-41254 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt
CVE-2017-1000362 Vulnerability in maven package org.jenkins-ci.main:jenkins-core