CVE-2024-22779

Name of the Vulnerable Software and Affected Versions Kihron ServerRPExposer versions 1.0.2 and before

Description A Directory Traversal issue allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. This enables the attacker to potentially access and manipulate files outside the intended directory structure.

Recommendations For versions 1.0.2 and before, consider disabling the loadServerPack function in ServerResourcePackProviderMixin.java as a temporary workaround until a patch is available. Restrict access to the ServerResourcePackProviderMixin.java module to minimize the risk of exploitation. Avoid using the loadServerPack function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.