common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
References
Link | Resource |
---|---|
http://www.mpxj.org/changes-report.html#a8.3.5 | Release Notes Vendor Advisory |
https://github.com/joniles/mpxj/commit/8eaf4225048ea5ba7e59ef4556dab2098fcc4a1d | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2021.html | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-14T22:48:19
Updated: 2021-01-20T14:42:09
Reserved: 2020-12-14T00:00:00
Link: CVE-2020-35460
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-14T23:15:12.267
Modified: 2022-08-06T03:53:49.017
Link: CVE-2020-35460
JSON object: View
Redhat Information
No data.
CWE