PT-2024-23301 · Mesonlsp · Mesonlsp

Jcwasmx86 · Published 2024-04-04 · Updated 2024-04-04 · CVE-2024-30254

CVSS v3.1: 5.8 (Medium)
Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
Name of the Vulnerable Software and Affected Versions
MesonLSP versions prior to 4.1.4

Description
A vulnerability in MesonLSP allows overwriting arbitrary files if an attacker can make the victim run the language server within a specially crafted project or execute mesonlsp --full.

Recommendations
For versions prior to 4.1.4, update to version 4.1.4 to resolve the issue. As a temporary workaround, avoid running mesonlsp --full and set the language server option others.neverDownloadAutomatically to true.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-30254
GHSA-48C5-35FH-846H

Affected Products

Mesonlsp