Headline
GHSA-3r28-rgp9-qgv4: pf4j vulnerable to remote code execution via the zippluginPath parameter
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
pf4j vulnerable to remote code execution via the zippluginPath parameter
High severity GitHub Reviewed Published Aug 29, 2023 to the GitHub Advisory Database • Updated Aug 29, 2023
Related news
CVE-2023-40826: The method of extracting the zip file has a path traversal vulnerability · Issue #536 · pf4j/pf4j
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.