The vulnerability in the function of the common/InputStreamHelper.java library of the MPXJ library allows a hacker to write files to arbitrary locations.

The vulnerability in the common/InputStreamHelper.java library of the MPXJ library exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to write files to arbitrary locations...

GHSA-P9J6-4PJR-GP48 MPXJ path Traversal vulnerability

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...