Home > Vulnerability Database > CVE-2024-49771

Mend.io Vulnerability Database

CVE-2024-49771

Good to know:

Date: October 28, 2024

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations. The issue is addressed in MPXJ version 13.5.1.

Language: Python

Severity Score

5.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-49771

Url: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mpxj/CVE-2024-49771.yml

Url: https://github.com/joniles/mpxj/commit/8002802890dfdc8bc74259f37e053e15b827eea0

Url: https://github.com/joniles/mpxj

Url: https://github.com/joniles/mpxj/security/advisories/GHSA-j945-c44v-97g6

Url: https://www.mend.io/vulnerability-database/CVE-2024-49771

Severity Score

5.3

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version mpxj - 13.5.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-49771

Good to know:

Date: October 28, 2024

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?