BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution.
References
Link | Resource |
---|---|
https://github.com/Exopteron/BiblioRCE | Exploit Third Party Advisory |
https://github.com/Exopteron/BiblioRCE | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:57
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-07 04:15
Updated : 2024-11-21 07:57
NVD link : CVE-2023-29478
Mitre link : CVE-2023-29478
CVE.ORG link : CVE-2023-29478
JSON object : View
Products Affected
bibliocraftmod
- bibliocraft
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')