CVE-2021-35054

Critical 7.5

Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files.

Published July 20, 2021.