Description

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations. The issue is addressed in MPXJ version 13.5.1.

INFO

Published Date :

2024-10-28T16:57:43.271Z

Last Modified :

2024-10-29T13:37:18.103Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-49771 vulnerability.

Vendors Products
Mpxj
  • Mpxj
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49771.

URL Resource
https://github.com/joniles/mpxj/commit/8002802890dfdc8bc74259f37e053e15b827eea0 cve-icon cve-icon
https://github.com/joniles/mpxj/security/advisories/GHSA-j945-c44v-97g6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact