Description

CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating `..`s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue.

INFO

Published Date :

2024-08-16T20:15:32.325Z

Last Modified :

2024-08-19T15:26:20.287Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-43395 vulnerability.

Vendors Products
Jackmacwindows
  • Craftos-pc 2
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-43395.

URL Resource
https://github.com/MCJack123/craftos2/commit/f7a88b905560df4366fb69f09b70f05984e05ad3 cve-icon cve-icon
https://github.com/MCJack123/craftos2/security/advisories/GHSA-hr3w-wc83-6923 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact