CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-33245
https://notcve.org/view.php?id=CVE-2023-33245
30 May 2023 — Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. • https://help.minecraft.net/hc/en-us/articles/16165590199181 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35054
https://notcve.org/view.php?id=CVE-2021-35054
20 Jul 2021 — Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files. Minecraft versiones anteriores a 1.17.1, cuando es configurado el modo online=false, permite un salto de ruta para la eliminación archivos JSON arbitrarios • http://jvn.jp/en/jp/JVN53278122/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •