CVE-2020-35460
published 2020-12-14CVE-2020-35460: common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joniles | mpxj | — | — |
| mpxj | mpxj | < 8.3.5 | 8.3.5 |
| mpxj | mpxj | >= 8.3.5 < 13.5.1 | 13.5.1 |
| mpxj | mpxj | >= 8.3.5 < 13.5.1 | 13.5.1 |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | 17.7 – 17.12 | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
ghsa5.3MEDIUM
osv5.3MEDIUM