CVE-2023-40828

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 28, 2023
Updated: Aug 29, 2023
CWE ID 22

Summary

CVE-2023-40828 is a vulnerability affecting the pf4j library version 3.9.0 and earlier. This issue enables a remote attacker to exploit the expandIfZip method in the extract function, gaining access to sensitive information and executing arbitrary code. This vulnerability poses a significant risk and requires immediate attention from users to update their pf4j libraries to a secure version. Failure to do so may result in unauthorized access and potential data breaches.
