5 matches found
PT-2026-45067
Summary: CC-Tweaked's HTTP API (http.request, http.websocket) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (64:ff9b::/96). An attacker who can execute Lua code can...
EUVD-2024-40267
Malicious code in bioql PyPI...
CVE-2024-43395
CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without...
CVE-2024-43395
CraftOS-PC 2 on Windows is affected by a local filesystem escape vulnerability where an attacker can bypass the parent-directory check by obfuscating dots (..), allowing access to files outside the computer folder. This issue existed prior to version 2.8.3; a patch was released in 2.8.3. No explo...
CVE-2024-43395 CraftOS-PC 2's improperly sanitized paths cause filesystem escape (Windows)
CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without...