Pf4J · Pf4J · CVE-2023-40827
**Name of the Vulnerable Software and Affected Versions**
pf4j versions 3.9.0 and earlier
**Description**
An issue in pf4j allows a remote attacker to obtain sensitive information and execute arbitrary code via the `loadpluginPath` parameter.
**Recommendations**
For pf4j versions 3.9.0 and earlier, consider restricting access to the `loadpluginPath` parameter to minimize the risk of exploitation until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.