CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
mrpack-install vulnerable to path traversal with dependency in github.com/nothub/mrpack-install
github.com/nothub/mrpack-install/commit/a1f424b6a616d2de95228781eef3b92b9769f23c
github.com/nothub/mrpack-install/releases/tag/v0.16.3
github.com/nothub/mrpack-install/security/advisories/GHSA-r887-gfxh-m9rr
nvd.nist.gov/vuln/detail/CVE-2023-25307
quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities