← voltar
CVE-2024-30254

Directory traversal allowing overwriting arbitrary files

CVSS 5.8 MEDIUMEPSS 0.2%CWE-22
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
04 abr 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
MesonLSP is an unofficial, unendorsed language server for meson written in C++. A vulnerability in versions prior to 4.1.4 allows overwriting arbitrary files if the attacker can make the victim either run the language server within a specific crafted project or `mesonlsp --full`. Version 4.1.4 contains a patch for this issue. As a workaround, avoid running `mesonlsp --full` and set the language server option `others.neverDownloadAutomatically` to `true`.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
Produtos afetados
JCWasmx86 · mesonlsp