Description
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
Remediation
References
http://www.mpxj.org/changes-report.html#a8.3.5
https://github.com/joniles/mpxj/commit/8eaf4225048ea5ba7e59ef4556dab2098fcc4a1d
https://www.oracle.com/security-alerts/cpujan2021.html
Related Vulnerabilities
CVE-2020-6463 Vulnerability in maven package org.webjars.npm:electron
CVE-2016-10735 Vulnerability in maven package org.webjars.bower:bootstrap-sass
CVE-2023-45818 Vulnerability in maven package org.webjars.npm:tinymce
CVE-2020-16040 Vulnerability in npm package electron
CVE-2021-41561 Vulnerability in maven package org.apache.parquet:parquet