Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MPXJ has a Potential Path Traversal Vulnerability
Vulnerability Description
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations. The issue is addressed in MPXJ version 13.5.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
MPXJ 路径遍历漏洞
Vulnerability Description
MPXJ是Jon Iles个人开发者的一个开源库。用于从各种文件格式和数据库读取和编写项目计划。 MPXJ存在路径遍历漏洞,该漏洞源于允许攻击者构造恶意路径,从而将文件写入任意位置。
CVSS Information
N/A
Vulnerability Type
N/A