CVE-2021-35054: Path Traversal
First published: Tue Jul 20 2021(Updated: )
Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Minecraft Minecraft | <1.17.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-35054?
CVE-2021-35054 is a vulnerability in Minecraft before version 1.17.1 that allows path traversal for deletion of arbitrary JSON files when online-mode=false is configured.
How does CVE-2021-35054 impact Minecraft?
CVE-2021-35054 allows an attacker to delete arbitrary JSON files in Minecraft when online-mode=false is configured.
What is the severity of CVE-2021-35054?
CVE-2021-35054 has a severity rating of 7.5 (high).
How can I fix CVE-2021-35054 in Minecraft?
To fix CVE-2021-35054, update Minecraft to version 1.17.1 or later.
Are there any references for CVE-2021-35054?
Yes, you can find references for CVE-2021-35054 at the following links: [JVN](http://jvn.jp/en/jp/JVN53278122/index.html), [VulnDB](https://vuln.ryotak.me/advisories/55), [Minecraft Official Website](https://www.minecraft.net/en-us/article/minecraft-java-edition-1-16-5).
- collector/nvd-index
- agent/weakness
- agent/type
- vendor/minecraft
- canonical/minecraft minecraft