Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') McWebserver Minecraft Mod
Vulnerability Description
McWebserver mod runs a simple HTTP server alongside the Minecraft server in seperate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program, to be read by anyone via HTTP request. Version 0.2.0 with patches are released to both platforms (Fabric and Quilt, Forge). As a workaround, the McWebserver mod can be disabled by removing the file from the `mods` directory.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
McWebserver 路径遍历漏洞
Vulnerability Description
McWebserver是Jonas_Jones个人开发者的一个与 Minecraft 服务器一起运行的简单网络服务器。 McWebserver mod for Fabric 和 Quilt 0.1.2.1及之前版本、McWebserver Minecraft Mod for Forge 0.1.1及之前版本存在路径遍历漏洞,攻击者利用该漏洞可以通过 HTTP 请求读取程序可访问的所有文件。
CVSS Information
N/A
Vulnerability Type
N/A