exploitDog

CVE-2023-25305

Опубликовано: 04 апр. 2023

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.

Ссылки

https://github.com/PolyMC/PolyMC/security/advisories/GHSA-3rfr-g9g9-7gx2
Patch
Vendor Advisory
https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/
Exploit
Third Party Advisory
https://github.com/PolyMC/PolyMC/security/advisories/GHSA-3rfr-g9g9-7gx2
Patch
Vendor Advisory
https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:polymc:polymc:*:*:*:*:*:*:*:*

Версия до 5.0 (исключая)

EPSS

Процентиль: 66%

0.00518

Низкий

7.1 High

CVSS3

Дефекты

CWE-22

CWE-22

EPSS

Процентиль: 66%

0.00518

Низкий

7.1 High

CVSS3

Дефекты

CWE-22

CWE-22