Mesonlsp · Mesonlsp · CVE-2024-30254
**Name of the Vulnerable Software and Affected Versions**
MesonLSP versions prior to 4.1.4
**Description**
A vulnerability in MesonLSP allows overwriting arbitrary files if an attacker can make the victim run the language server within a specific crafted project or execute `mesonlsp --full`.
**Recommendations**
For versions prior to 4.1.4, update to version 4.1.4 to resolve the issue.
As a temporary workaround, avoid running `mesonlsp --full` and set the language server option `others.neverDownloadAutomatically` to `true`.