org.pf4j:pf4j@2.2.0 vulnerabilities

  • latest version

    3.13.0

  • latest non vulnerable version

  • first published

    7 years ago

  • latest version published

    1 month ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.pf4j:pf4j package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Severity / Vulnerable version

    • Remote Code Execution (RCE)

      Severity: High

      Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the zip pluginPath parameter, which allows a remote attacker to obtain sensitive information and execute arbitrary code.

      How to fix Remote Code Execution (RCE)?

      Upgrade org.pf4j:pf4j to version 3.10.0 or higher.

      Vulnerable version range: [0,3.10.0)

    • Arbitrary File Write via Archive Extraction (Zip Slip)

      Severity: High

      Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the expandIfZip method in the extract function. An attacker can obtain sensitive information and execute arbitrary code by exploiting this method.

      How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

      Upgrade org.pf4j:pf4j to version 3.10.0 or higher.

      Vulnerable version range: [0,3.10.0)

    • Directory Traversal

      Severity: High

      Affected versions of this package are vulnerable to Directory Traversal via the load pluginPath parameter. An attacker can obtain sensitive information and execute arbitrary code by manipulating the input.

      How to fix Directory Traversal?

      Upgrade org.pf4j:pf4j to version 3.10.0 or higher.

      Vulnerable version range: [0,3.10.0)