CVE-2020-35460

Published: Dec 14, 2020

Modified: May 5, 2025

PUBLISHED

Description

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/joniles/mpxj/commit/8eaf4225048ea5ba7e59ef4556dab2098fcc4a1d

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

http://www.mpxj.org/changes-report.html#a8.3.5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-35460

Description

Affected Products

References