Moderate severityNVD Advisory· Published Dec 14, 2020· Updated May 5, 2025
CVE-2020-35460
CVE-2020-35460
Description
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
net.sf.mpxj:mpxjMaven | < 8.3.5 | 8.3.5 |
Affected products
2- Packwood/MPXJdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-p9j6-4pjr-gp48ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-35460ghsaADVISORY
- www.mpxj.org/changes-report.htmlghsax_refsource_MISCWEB
- github.com/joniles/mpxj/commit/8eaf4225048ea5ba7e59ef4556dab2098fcc4a1dghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujan2021.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.