PT-2024-30555 · Unknown · Craftos-Pc 2

Graypinkfurball · Published 2024-08-16 · Updated 2024-08-19 · CVE-2024-43395

CVSS v3.1: 8.2 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

CraftOS-PC 2 versions prior to 2.8.3

Description

The issue allows users of CraftOS-PC 2 on Windows to escape the computer folder and access files anywhere without permission or notice. It works by obfuscating ".." sequences so that they bypass the internal check that prevents parent directory traversal; this weakness in the internal checks allows unauthorized access to files.

Recommendations

For versions prior to 2.8.3, update to version 2.8.3 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2024-43395
GHSA-HR3W-WC83-6923

Affected Products

Craftos-Pc 2