CVE-2023-40828

CVE-2023-40828

EPSS 1.3%

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 https://github.com/pf4j/pf4j/pull/537 https://github.com/pf4j/pf4j/pull/538