Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Directory traversal allowing overwriting arbitrary files
Vulnerability Description
MesonLSP is an unofficial, unendorsed language server for meson written in C++. A vulnerability in versions prior to 4.1.4 allows overwriting arbitrary files if the attacker can make the victim either run the language server within a specific crafted project or `mesonlsp --full`. Version 4.1.4 contains a patch for this issue. As a workaround, avoid running `mesonlsp --full` and set the language server option `others.neverDownloadAutomatically` to `true`.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
MesonLSP 安全漏洞
Vulnerability Description
MesonLSP是JCWasmx86个人开发者的一个用 C++ 编写的介子的非官方、未经批准的语言服务器。 MesonLSP 4.1.4之前版本存在安全漏洞,该漏洞源于存在目录遍历漏洞。攻击者可利用该漏洞覆盖任意文件。
CVSS Information
N/A
Vulnerability Type
N/A