JVN#53278122: Minecraft Java Edition vulnerable to directory traversal

2021-07-21T00:00:00
ID JVN:53278122
Type jvn
Reporter Japan Vulnerability Notes
Modified 2021-07-27T00:00:00

Description

## Description

Minecraft Java Edition provided by Mojang Studios contains a directory traversal vulnerability (CWE-22).

## Impact

Arbitrary JSON files on the system using the product may be deleted by an attacker.

## Solution

Update Minecraft
Update Minecraft to the latest version according to the information provided by the developer. The developer fixed the vulnerability and released 1.17.1 Pre-release 1 (1.17.1-pre).

The users of Spigot or Forge released for the following Minecraft versions are recommended to apply the latest versions for the respective products. In this way, users of Spigot or Forge are not required to change Minecraft version, and the impact of this vulnerability can be mitigated.

  • Spigot
    • Minecraft 1.16.5
    • Minecraft 1.17
  • Forge
    • Minecraft 1.15.2
    • Minecraft 1.16.5

## Products Affected

  • Minecraft 1.17 and earlier