CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
27.0%
Importing a malicious .mrpack
file can cause path traversal while downloading files.
This can lead to scripts or config files being placed or replaced at arbitrary locations, without the user noticing.
No patches yet.
Avoid importing .mrpack
files from untrusted sources.
https://docs.modrinth.com/docs/modpacks/format_definition/#files
Vendor | Product | Version | CPE |
---|---|---|---|
nothub | mrpack-install | * | cpe:2.3:a:nothub:mrpack-install:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-r887-gfxh-m9rr
github.com/nothub/mrpack-install/commit/a1f424b6a616d2de95228781eef3b92b9769f23c
github.com/nothub/mrpack-install/releases/tag/v0.16.3
github.com/nothub/mrpack-install/security/advisories/GHSA-r887-gfxh-m9rr
nvd.nist.gov/vuln/detail/CVE-2023-25307
quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/