GHSA-j8r2-47rx-qhw4

Source
https://github.com/advisories/GHSA-j8r2-47rx-qhw4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-j8r2-47rx-qhw4/GHSA-j8r2-47rx-qhw4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j8r2-47rx-qhw4
Aliases
Published
2025-12-09T18:30:35Z
Modified
2025-12-09T23:12:49.685155Z
Severity
  • 10.0 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red
Summary
Robocode vulnerable to Directory Traversal in recursivelyDelete Method
Details

A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-09T22:50:21Z",
    "severity": "CRITICAL",
    "nvd_published_at": "2025-12-09T16:17:38Z",
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Maven / net.sf.robocode:robocode.core

Package

Name
net.sf.robocode:robocode.core
Purl
pkg:maven/net.sf.robocode/robocode.core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.9.5.6

Affected versions

1.*
1.9.4.0
1.9.4.1
1.9.4.2
1.9.4.3
1.9.4.5
1.9.4.6
1.9.4.7
1.9.4.8
1.9.5.0
1.9.5.1
1.9.5.2
1.9.5.3
1.9.5.4
1.9.5.5

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-j8r2-47rx-qhw4/GHSA-j8r2-47rx-qhw4.json"