First published: Tue May 30 2023(Updated: )
Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Minecraft Minecraft | <=1.19 | |
Minecraft Minecraft | =1.20-pre-release1 | |
Minecraft Minecraft | =1.20-pre-release2 | |
Minecraft Minecraft | =1.20-pre-release3 | |
Minecraft Minecraft | =1.20-pre-release4 | |
Minecraft Minecraft | =1.20-pre-release5 | |
Minecraft Minecraft | =1.20-pre-release6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-33245 is a vulnerability in Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) that allows arbitrary file overwrite and possibly code execution via crafted world data containing a symlink.
CVE-2023-33245 has a severity rating of 8.8 (high).
Minecraft versions 1.19 and 1.20 pre-releases (before 1.20-pre-release7) are affected by CVE-2023-33245.
The arbitrary file overwrite vulnerability in CVE-2023-33245 can be exploited by using crafted world data that contains a symlink.
You can find more information about CVE-2023-33245 on the following websites: [Minecraft Official Website](https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7), [Minecraft Help Center](https://help.minecraft.net/hc/en-us/articles/16165590199181), [vuln.ryotak.net](https://vuln.ryotak.net/advisories/67).