Описание
pf4j vulnerable to remote code execution via expandIfZip method in the extract function
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
Пакеты
Наименование
org.pf4j:pf4j
maven
Затронутые версииВерсия исправления
<= 3.9.0
Отсутствует
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 2 лет назад
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
CVSS3: 7.5
nvd
больше 2 лет назад
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
CVSS3: 7.5
debian
больше 2 лет назад
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...