Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink.
References
Link | Resource |
---|---|
https://help.minecraft.net/hc/en-us/articles/16165590199181 | Vendor Advisory |
https://vuln.ryotak.net/advisories/67 | Third Party Advisory |
https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7 | Release Notes |
https://help.minecraft.net/hc/en-us/articles/16165590199181 | Vendor Advisory |
https://vuln.ryotak.net/advisories/67 | Third Party Advisory |
https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7 | Release Notes |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://help.minecraft.net/hc/en-us/articles/16165590199181 - Vendor Advisory | |
References | () https://vuln.ryotak.net/advisories/67 - Third Party Advisory | |
References | () https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7 - Release Notes |
05 Jun 2023, 18:34
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://help.minecraft.net/hc/en-us/articles/16165590199181 - Vendor Advisory | |
References | (MISC) https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7 - Release Notes | |
References | (MISC) https://vuln.ryotak.net/advisories/67 - Third Party Advisory | |
CWE | CWE-59 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:minecraft:minecraft:1.20:pre-release2:*:*:java:*:*:* cpe:2.3:a:minecraft:minecraft:*:*:*:*:java:*:*:* cpe:2.3:a:minecraft:minecraft:1.20:pre-release6:*:*:java:*:*:* cpe:2.3:a:minecraft:minecraft:1.20:pre-release1:*:*:java:*:*:* cpe:2.3:a:minecraft:minecraft:1.20:pre-release3:*:*:java:*:*:* cpe:2.3:a:minecraft:minecraft:1.20:pre-release4:*:*:java:*:*:* cpe:2.3:a:minecraft:minecraft:1.20:pre-release5:*:*:java:*:*:* |
30 May 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-30 05:15
Updated : 2024-11-21 08:05
NVD link : CVE-2023-33245
Mitre link : CVE-2023-33245
CVE.ORG link : CVE-2023-33245
JSON object : View
Products Affected
minecraft
- minecraft
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')