CVE-2023-25305 Information

Description

PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.

Reference

https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/ https://github.com/PolyMC/PolyMC/security/advisories/GHSA-3rfr-g9g9-7gx2