RubySec

Providing security resources for the Ruby community

GHSA-7952-gx68-cjqr (mpxj): Potential Path Traversal Vulnerability in Primavera P3 PRX and SureTrak STX readers

Potential Path Traversal Vulnerability in Primavera P3 PRX and SureTrak STX readers

Published: July 03, 2026

SECURITY IDENTIFIERS

GEM

mpxj

SEVERITY

CVSS v3.x: 5.3 (Medium)

UNAFFECTED VERSIONS

< 7.3.0

PATCHED VERSIONS

>= 16.5.0

DESCRIPTION

Impact

When reading a suitably crafted PRX or STX file, MPXJ can be made to write files to arbitrary locations in the file system.

Workarounds

Do not read PRX or STX files from untrusted sources.

RELATED