Mpxj@* Security Vulnerabilities and Issues — Mpxj@* CVE List

Lucene search

MpxjMpxj*

4 matches found

CVE•added 2020/12/14 11:15 p.m.•86 views

CVE-2020-35460

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.

5.3CVSS5.6AI score0.00615EPSS

CVE•added 2022/11/25 7:15 p.m.•78 views

CVE-2022-41954

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r--r--. This means that any oth...

3.3CVSS3.7AI score0.00014EPSS

CVE•added 2020/08/29 7:15 p.m.•75 views

CVE-2020-25020

MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.

9.8CVSS9.3AI score0.01996EPSS

CVE•added 2024/10/28 5:15 p.m.•50 views

CVE-2024-49771

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the...

5.3CVSS5.1AI score0.00615EPSS