Description
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
Remediation
References
https://github.com/pf4j/pf4j/issues/536
Related Vulnerabilities
CVE-2022-39248 Vulnerability in maven package org.matrix.android:matrix-android-sdk2
CVE-2020-28273 Vulnerability in npm package set-in
CVE-2023-40815 Vulnerability in maven package org.opencrx:opencrx-core-models
CVE-2023-25500 Vulnerability in maven package com.vaadin:flow-server
CVE-2023-26480 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livedata-macro