net.sf.mpxj:mpxj (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package net.sf.mpxj:mpxj, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2020-35460 — CVSS 5.3 (medium): common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the…
CVE-2024-49771 — CVSS 5.3 (medium): MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical…
CVE-2022-41954 — CVSS 3.3 (low): MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems…