PT-2024-33680 · Mpxj · Mpxj
Sprinkle
+1
·
Published
2024-10-28
·
Updated
2024-10-29
·
CVE-2024-49771
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
MPXJ versions prior to 13.5.1
Description:
The patch for a historical issue in MPXJ is incomplete, allowing a malicious path to be constructed that could enable files to be written to arbitrary locations.
Recommendations:
For versions prior to 13.5.1, update to version 13.5.1 to address the issue.
As a temporary workaround, do not pass zip files to MPXJ until the issue is resolved.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mpxj