An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.pf4j:pf4j(Maven) | 0 | N/A | N/A |
CVSS Metrics
