PT-2021-20816 · Mojang · Minecraft
Ryotak
·
Published
2021-07-20
·
Updated
2021-07-28
·
CVE-2021-35054
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Minecraft versions prior to 1.17.1
Description:
The issue allows path traversal for deletion of arbitrary JSON files when online-mode=false is configured.
Recommendations:
For versions prior to 1.17.1, update to version 1.17.1 or later to resolve the issue. As a temporary workaround, consider setting online-mode to true to prevent path traversal attacks. Restrict access to JSON files to minimize the risk of exploitation.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Minecraft