PT-2024-32290 · Unknown · Game Extension Engine
Chengkang Sun
+3
·
Published
2024-11-28
·
Updated
2024-11-28
·
CVE-2024-46939
CVSS v4.0
2.4
Low
| Vector | AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:N/R:A/V:D |
Name of the Vulnerable Software and Affected Versions
Game extension engine versions 1.2.7.0 and earlier
Description
The game extension engine exposes some components, allowing attackers to construct parameters for path traversal attacks. These attacks can overwrite local specific files.
Recommendations
For versions 1.2.7.0 and earlier, consider disabling the vulnerable components until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using parameters that can be used for path traversal attacks in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Game Extension Engine