Akarys42

**Name of the Vulnerable Software and Affected Versions** ATLauncher versions 3.4.26.0 and earlier **Description** The issue allows a maliciously crafted mrpack file to create arbitrary files outside of the installation directory due to a Directory Traversal weakness. **Recommendations** For ATLauncher versions 3.4.26.0 and earlier, update to a version later than 3.4.26.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PolyMC Launcher versions 1.4.3 and earlier **Description** The issue allows a maliciously crafted mrpack file to create arbitrary files outside of the installation directory due to a Directory Traversal weakness. **Recommendations** For PolyMC Launcher versions 1.4.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Prism Launcher versions up to v6.1 **Description** The issue allows attackers to perform a directory traversal via importing a crafted .mrpack file. This can be exploited by importing a specifically designed .mrpack file, potentially leading to unauthorized access to sensitive directories. **Recommendations** For Prism Launcher versions up to v6.1, update to a version later than v6.1 to resolve the issue. As a temporary workaround, consider restricting the import of .mrpack files from untrusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** mrpack-install versions 0.16.2 and earlier **Description** The issue allows an attacker to perform a Directory Traversal attack by importing a malicious `.mrpack` file. This can cause scripts or config files to be placed or replaced at arbitrary locations without the user's knowledge. **Recommendations** For mrpack-install versions 0.16.2 and earlier, avoid importing `.mrpack` files from untrusted sources as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Python discord bot (affected versions not specified) **Description** The issue concerns the Python discord bot, which is the community bot for the Python Discord community. In affected versions, when a non-blacklisted URL and an otherwise triggering filter token are included in the same message, the token filter does not trigger. This means that by including any non-blacklisted URL, moderation filters can be bypassed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.