CVE-2024-43395

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Aug 16, 2024
Updated: Aug 19, 2024
CWE ID 22

Summary

CVE-2024-43395 is a vulnerability affecting CraftOS-PC 2, a desktop operating system based on C++, PUC Lua, and SDL for Minecraft mod ComputerCraft. Before version 2.8.3, this software allowed users on the Windows platform to bypass internal checks against parent directory traversal by obfuscating `..` symbols. Consequently, they could access files anywhere on the system without proper authorization or notification. The latest version, 2.8.3, includes a patch to mitigate this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share