CVE-2024-24043

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-24043

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24043.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-24043

Published

2024-03-19T07:15:09Z

Modified

2025-10-21T17:35:24.608495Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file.

References

Affected packages

Git / github.com/speedy11cz/mcrpx

Affected ranges

Type: GIT
Repo: https://github.com/speedy11cz/mcrpx
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

02ca6d1fd851567560046766ac9d04d20db35b8e

Affected versions

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.3.0

v1.4.0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2024-24043-a7cee4d6",
        "source": "https://github.com/speedy11cz/mcrpx/commit/02ca6d1fd851567560046766ac9d04d20db35b8e",
        "digest": {
            "function_hash": "118215111685278071671602230717341604626",
            "length": 972.0
        },
        "signature_type": "Function",
        "target": {
            "function": "extractMinecraft",
            "file": "common/src/main/java/cz/speedy11/mcrpx/common/util/ZipUtil.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2024-24043-b03954b3",
        "source": "https://github.com/speedy11cz/mcrpx/commit/02ca6d1fd851567560046766ac9d04d20db35b8e",
        "digest": {
            "function_hash": "275231821311305659207831122986026375419",
            "length": 1028.0
        },
        "signature_type": "Function",
        "target": {
            "function": "extractZip",
            "file": "common/src/main/java/cz/speedy11/mcrpx/common/util/ZipUtil.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2024-24043-de5e2243",
        "source": "https://github.com/speedy11cz/mcrpx/commit/02ca6d1fd851567560046766ac9d04d20db35b8e",
        "digest": {
            "line_hashes": [
                "56932408313014443650387688952929678220",
                "60001982549816268247656229615257098345",
                "113389323821436570736798779328269422851",
                "252595848725142804002111805393373383989",
                "197403871229717698560725342956622517733",
                "102357048115856912678204455879764324725",
                "224343333416842060342749285221695846736",
                "267670675517025857858941608672995898707"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "common/src/main/java/cz/speedy11/mcrpx/common/util/ZipUtil.java"
        }
    }
]