CVE-2023-25307

Name of the Vulnerable Software and Affected Versions mrpack-install versions 0.16.2 and earlier

Description The issue allows an attacker to perform a Directory Traversal attack by importing a malicious .mrpack file. This can cause scripts or config files to be placed or replaced at arbitrary locations without the user's knowledge.

Recommendations For mrpack-install versions 0.16.2 and earlier, avoid importing .mrpack files from untrusted sources as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.