CVE-2020-35460

MEDIUM

MPXJ < 8.3.5 - Path Traversal

Title source: rule

Description

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.

Exploits (1)

nomisec WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/joniles__mpxj_CVE-2020-35460_8-3-4

Scores

CVSS v3 5.3
EPSS 0.0048
EPSS Percentile 64.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-22
Status published
Products (8)
mpxj/mpxj < 8.3.5
net.sf.mpxj/mpxj 0 - 8.3.5 (Maven)
oracle/primavera_unifier 16.1
oracle/primavera_unifier 16.2
oracle/primavera_unifier 18.8
oracle/primavera_unifier 19.12
oracle/primavera_unifier 21.12
oracle/primavera_unifier 17.7 - 17.12
Published Dec 14, 2020
Tracked Since Feb 18, 2026