GHSA-cj8w-v588-p8wx: pf4j vulnerable to remote code execution via expandIfZip method in the extract function
An issue in pf4j v3.9.0 and earlier allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
High severity GitHub Reviewed Published Aug 29, 2023 to the GitHub Advisory Database • Updated Aug 29, 2023
Related news
CVE-2023-40828: Add security checks to prevent directory traversal when decompressing… by afeng2016-s · Pull Request #537 · pf4j/pf4j