The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations.
On Unix-like operating systems (not Windows or macos), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r–r–. This means that any other user on the system can read the contents of this file. When MPXJ is reading a type of schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in …