Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mpxj
(Mpxj)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 3 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-11-25 | CVE-2022-41954 | MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could... | Mpxj | 3.3 | ||
2020-08-29 | CVE-2020-25020 | MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. | Mpxj, Primavera_unifier | 9.8 | ||
2020-12-14 | CVE-2020-35460 | common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. | Mpxj, Primavera_unifier | 5.3 |