mpxj 13.4.0
1 security vulnerability found in version 13.4.0
MPXJ has a Potential Path Traversal Vulnerability
medium severity CVE-2024-49771
Patched versions: >= 13.5.1
Unaffected versions: < 8.3.5
Impact
The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete: a malicious path could still be constructed that the original fix would not pick up, allowing files to be written to arbitrary locations.
Patches
The issue is addressed in MPXJ version 13.5.1.
Workarounds
Do not pass zip files to MPXJ.
References
N/A
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leak issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.