Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CraftOS-PC 2's improperly sanitizied paths cause filesystem escape (Windows)
Vulnerability Description
CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating `..`s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
CraftOS-PC 2 安全漏洞
Vulnerability Description
CraftOS-PC 2是JackMacWindows个人开发者的一个用 C++ 编写的快速、现代、功能丰富的 ComputerCraft 模拟器。 CraftOS-PC 2 2.8.3之前版本存在安全漏洞,该漏洞源于用户可以通过混淆..绕过防止父目录遍历的内部检查,从而逃离计算机文件夹并无需许可或通知即可访问任何地方的文件。
CVSS Information
N/A
Vulnerability Type
N/A