Product:

Mpxj

(Mpxj)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 3
Date Id Summary Products Score Patch Annotated
2022-11-25 CVE-2022-41954 MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could... Mpxj 3.3
2020-08-29 CVE-2020-25020 MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. Mpxj, Primavera_unifier 9.8
2020-12-14 CVE-2020-35460 common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. Mpxj, Primavera_unifier 5.3