CVE-2020-35460
14.12.2020, 23:15
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
Vendor | Product | Version |
---|---|---|
mpxj | mpxj | 𝑥 < 8.3.5 |
oracle | primavera_unifier | 17.7 ≤ 𝑥 ≤ 17.12 |
oracle | primavera_unifier | 16.1 |
oracle | primavera_unifier | 16.2 |
oracle | primavera_unifier | 18.8 |
oracle | primavera_unifier | 19.12 |
oracle | primavera_unifier | 21.12 |
𝑥
= Vulnerable software versions
References