CVE-2024-49771 MEDIUM

CVE-2024-49771: MPXJ has a Potential Path Traversal Vulnerability

Vendor: Joniles
Product: mpxj
Weakness: CWE-22 · Path traversal
Published: October 28, 2024
Last update: October 29, 2024

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

MPXJ is an open source library for reading and writing project plans in a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete: it is still possible to construct a malicious path that the original fix does not catch, which would allow files to be written to arbitrary locations. The issue is addressed in MPXJ version 13.5.1.

Key dates

02 Disclosure timeline

October 28, 2024: CVE published
October 29, 2024: Record updated