Joniles Mpxj vulnerabilities
3 known vulnerabilities affecting joniles/mpxj.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2, LOW 1
Vulnerabilities
CVE-2024-49771 | MEDIUM | CVSS 5.3 | versions >= 8.3.5, < 13.5.1 | 2024-10-28
CVE-2024-49771 [MEDIUM] CWE-22 MPXJ has a Potential Path Traversal Vulnerability
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations. T
cvelistv5
CVE-2022-41954 | LOW | CVSS 3.3 | fixed in 10.14.1 | 2022-11-25
CVE-2022-41954 [LOW] CWE-200 CVE-2022-41954: MPXJ is an open source library to read and write project plans from a variety of file formats and da
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macOS), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this
cvelistv5, nvd
CVE-2020-35460 | MEDIUM | CVSS 5.3 | versions >= 8.3.5, < 13.5.1 | 2020-12-14
CVE-2020-35460 [MEDIUM] CWE-22 CVE-2020-35460: common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip st
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
nvd