CVE-2023-33245

Published May 30, 2023

Last updated a year ago

CVSS high 8.8

Overview

Description: Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-59

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:minecraft:minecraft:*:*:*:*:java:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A571DE7F-0DF8-4DEA-8F0C-FF778268BBEB",
            "versionEndIncluding": "1.19"
          },
          {
            "criteria": "cpe:2.3:a:minecraft:minecraft:1.20:pre-release1:*:*:java:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABE61DF5-1D28-4A9E-B8A3-E2527ED1C9D2"
          },
          {
            "criteria": "cpe:2.3:a:minecraft:minecraft:1.20:pre-release2:*:*:java:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D581D3D-68E5-4913-9096-50F6FED273CA"
          },
          {
            "criteria": "cpe:2.3:a:minecraft:minecraft:1.20:pre-release3:*:*:java:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B62CDE85-6C18-4ACB-B638-CF27F5124F93"
          },
          {
            "criteria": "cpe:2.3:a:minecraft:minecraft:1.20:pre-release4:*:*:java:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6FE2F58-B0BE-4B95-B0B9-47DCD940918A"
          },
          {
            "criteria": "cpe:2.3:a:minecraft:minecraft:1.20:pre-release5:*:*:java:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CE3DC1D-3E8F-4988-828A-107B90B56F7B"
          },
          {
            "criteria": "cpe:2.3:a:minecraft:minecraft:1.20:pre-release6:*:*:java:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84124E34-2471-4866-AACA-46EAD5683673"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References