CVE-2020-35460

Name of the Vulnerable Software and Affected Versions Packwood MPXJ versions prior to 8.3.5

Description The issue exists due to incorrect restriction of the directory path name in the common/InputStreamHelper.java library of MPXJ, allowing a remote attacker to write files to arbitrary locations through directory traversal in the zip stream handler flow.

Recommendations For versions prior to 8.3.5, update to version 8.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the common/InputStreamHelper.java library to minimize the risk of exploitation.