CVE-2020-35460

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mpxj:mpxj:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*

History

06 Aug 2022, 03:53

Type Values Removed Values Added
First Time Oracle
Oracle primavera Unifier
CPE cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
References (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory

20 Jan 2021, 15:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpujan2021.html -

Information

Published : 2020-12-14 23:15

Updated : 2022-08-06 03:53


NVD link : CVE-2020-35460

Mitre link : CVE-2020-35460


JSON object : View

Products Affected

mpxj

  • mpxj

oracle

  • primavera_unifier
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')