First published: Tue Jul 20 2021(Updated: )
Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Minecraft Minecraft | <1.17.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-35054 is a vulnerability in Minecraft before version 1.17.1 that allows path traversal for deletion of arbitrary JSON files when online-mode=false is configured.
CVE-2021-35054 allows an attacker to delete arbitrary JSON files in Minecraft when online-mode=false is configured.
CVE-2021-35054 has a severity rating of 7.5 (high).
To fix CVE-2021-35054, update Minecraft to version 1.17.1 or later.
Yes, you can find references for CVE-2021-35054 at the following links: [JVN](http://jvn.jp/en/jp/JVN53278122/index.html), [VulnDB](https://vuln.ryotak.me/advisories/55), [Minecraft Official Website](https://www.minecraft.net/en-us/article/minecraft-java-edition-1-16-5).