CVE-2023-33245

Published: May 30, 2023Modified: Jan 10, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink.

Affected (7)

Products: Minecraft: Minecraft

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Minecraft Minecraft	Up to 1.19
Minecraft Minecraft	Version 1.20 pre-release1
Minecraft Minecraft	Version 1.20 pre-release2
Minecraft Minecraft	Version 1.20 pre-release3
Minecraft Minecraft	Version 1.20 pre-release4
Minecraft Minecraft	Version 1.20 pre-release5
Minecraft Minecraft	Version 1.20 pre-release6

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

https://help.minecraft.net/hc/en-us/articles/16165590199181

Source: cve@mitre.org

Vendor Advisory

https://vuln.ryotak.net/advisories/67

Source: cve@mitre.org

Third Party Advisory

https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7

Source: cve@mitre.org

Release Notes

https://help.minecraft.net/hc/en-us/articles/16165590199181

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://vuln.ryotak.net/advisories/67

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.