MPXJ · CVE-2024-49771
Name of the Vulnerable Software and Affected Versions:
MPXJ versions prior to 13.5.1
Description:
The patch for a historical issue in MPXJ is incomplete, allowing a malicious path to be constructed that could enable files to be written to arbitrary locations.
Recommendations:
For versions prior to 13.5.1, update to version 13.5.1 to address the issue.
As a temporary workaround, do not pass zip files to MPXJ until the issue is resolved.
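One way to enforce the workaround in an application that forwards untrusted files to MPXJ, as an added example that is not part of the advisory or of MPXJ. The function names and sample inputs are hypothetical and constructed. The check classifies by content rather than by file extension, so a renamed or prefixed archive is still refused.

```python
import io
import zipfile

# ZIP signatures: local file header, empty archive (EOCD only), spanned archive.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")


def looks_like_zip(data: bytes) -> bool:
    """Classify by content, so a renamed archive is still recognised."""
    if data[:4] in ZIP_MAGICS:
        return True
    # Archives with bytes prepended before the first header have no leading
    # magic; is_zipfile() looks for the end-of-central-directory record instead.
    return zipfile.is_zipfile(io.BytesIO(data))


def gate_for_mpxj(name: str, data: bytes) -> bytes:
    """Hypothetical pre-filter: return data to forward, or raise on a zip."""
    if looks_like_zip(data):
        raise ValueError(f"{name}: zip container refused until MPXJ >= 13.5.1")
    return data


def constructed_samples() -> dict:
    """Constructed inputs: a plain zip, a zip behind junk bytes, an XML file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plan.xml", "<Project/>")
    archive = buf.getvalue()
    return {
        "plan.zip": archive,
        "plan.mpp": b"\x00" * 16 + archive,  # renamed and prefixed archive
        "plan.xml": b"<?xml version='1.0'?><Project/>",
    }


if __name__ == "__main__":
    for name, data in constructed_samples().items():
        try:
            gate_for_mpxj(name, data)
            print(name, "forwarded")
        except ValueError as err:
            print("blocked:", err)
```

This gate also refuses any zip-based file format, which matches the workaround as stated; it can be removed once the application runs MPXJ 13.5.1.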