net.sf.mpxj:mpxj
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting net.sf.mpxj:mpxj (page 1 of 1)
- CVE-2020-25020 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 8.1.4 | 2020-08-29
vulnerable: 4.7.1 ... 8.1.3 (100 versions)
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.
- CVE-2020-35460 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 8.3.5 | 2020-12-14
vulnerable: 4.7.1 ... 8.3.4 (107 versions)
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
- CVE-2022-41954 | LOW | CVSS 3.3 | EG 3.3 | ✓ Fixed in 10.14.1 | 2022-11-25
vulnerable: 10.0.0 ... 9.8.3 (154 versions)
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macOS), MPXJ's use of `File.createTempFile(..)` results in temporary files being cr…
- CVE-2024-49771 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 13.5.1 | 2024-10-28
vulnerable: 10.0.0 ... 9.8.3 (99 versions)
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious p…