Minecraft Java Edition provided by Mojang Studios contains a directory traversal vulnerability (CWE-22).
Arbitrary JSON files on the system using the product may be deleted by an attacker.
Update Minecraft to the latest version according to the information provided by the developer. The developer fixed the vulnerability and released 1.17.1 Pre-release 1 (1.17.1-pre).
The users of Spigot or Forge released for the following Minecraft versions are recommended to apply the latest versions for the respective products. In this way, users of Spigot or Forge are not required to change Minecraft version, and the impact of this vulnerability can be mitigated.
## Products Affected