CVE-2023-33245

Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:minecraft:minecraft:*:*:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:1.20:pre-release1:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:1.20:pre-release2:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:1.20:pre-release3:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:1.20:pre-release4:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:1.20:pre-release5:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:1.20:pre-release6:*:*:java:*:*:*

History

21 Nov 2024, 08:05

Type Values Removed Values Added
References () https://help.minecraft.net/hc/en-us/articles/16165590199181 - Vendor Advisory () https://help.minecraft.net/hc/en-us/articles/16165590199181 - Vendor Advisory
References () https://vuln.ryotak.net/advisories/67 - Third Party Advisory () https://vuln.ryotak.net/advisories/67 - Third Party Advisory
References () https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7 - Release Notes () https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7 - Release Notes

05 Jun 2023, 18:34

Type Values Removed Values Added
References (MISC) https://help.minecraft.net/hc/en-us/articles/16165590199181 - (MISC) https://help.minecraft.net/hc/en-us/articles/16165590199181 - Vendor Advisory
References (MISC) https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7 - (MISC) https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7 - Release Notes
References (MISC) https://vuln.ryotak.net/advisories/67 - (MISC) https://vuln.ryotak.net/advisories/67 - Third Party Advisory
CWE CWE-59
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:minecraft:minecraft:1.20:pre-release2:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:*:*:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:1.20:pre-release6:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:1.20:pre-release1:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:1.20:pre-release3:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:1.20:pre-release4:*:*:java:*:*:*
cpe:2.3:a:minecraft:minecraft:1.20:pre-release5:*:*:java:*:*:*

30 May 2023, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-30 05:15

Updated : 2024-11-21 08:05


NVD link : CVE-2023-33245

Mitre link : CVE-2023-33245

CVE.ORG link : CVE-2023-33245


JSON object : View

Products Affected

minecraft

  • minecraft
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')