CVE-2024-49771: MPXJ has a Potential Path Traversal Vulnerability
(updated )
The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations.
References
- github.com/advisories/GHSA-j945-c44v-97g6
- github.com/joniles/mpxj
- github.com/joniles/mpxj/commit/8002802890dfdc8bc74259f37e053e15b827eea0
- github.com/joniles/mpxj/security/advisories/GHSA-j945-c44v-97g6
- github.com/rubysec/ruby-advisory-db/blob/master/gems/mpxj/CVE-2024-49771.yml
- nvd.nist.gov/vuln/detail/CVE-2024-49771
Code Behaviors & Features
Detect and mitigate CVE-2024-49771 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →