Home > Vulnerability Database > CVE-2024-43395

Mend.io Vulnerability Database

CVE-2024-43395

Date: August 16, 2024

CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating ".."s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue.

Language: C++

Severity Score

8.2

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-43395

Url: https://github.com/MCJack123/craftos2/security/advisories/GHSA-hr3w-wc83-6923

Url: https://github.com/MCJack123/craftos2/commit/f7a88b905560df4366fb69f09b70f05984e05ad3

Url: https://www.mend.io/vulnerability-database/CVE-2024-43395

Severity Score

8.2

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-43395

Date: August 16, 2024

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?