Advisory #67
Title | Minecraft improper symbolic link handling |
CVE ID | CVE-2023-33245 |
Vendor | Mojang Studios |
Affected product | Minecraft |
Affected versions | < 1.20 Pre-release 7 |
Vulnerability type | CWE-59 (Improper Link Resolution Before File Access) |
Description | Minecraft before 1.20 Pre-release 7 improperly handles symbolic links in world data, allowing malicious world data to overwrite arbitrary files with partially controlled contents. This vulnerability may result in remote code execution depending on the target environment. (Typically, this occurs when untrusted world data is extracted using an archiver with symbolic link support.) |
Status | Fixed in 1.20 Pre-release 7 |
Recommendation | Update to 1.20 Pre-release 7 or above. If you are using an older version of Minecraft, check untrusted world data for symbolic links before loading it. |
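
The check described in the recommendation, as an added example (not code from Mojang or from this advisory's author): it lists every symbolic link under a world folder and flags those that resolve outside it. Going beyond the advisory's wording, it also lists symlink entries in a zip archive so they can be spotted before extraction. The function names and script name are illustrative.

```python
import os
import stat
import sys
import zipfile
from pathlib import Path


def find_symlinks(world_dir):
    """Return (link_path, link_target, escapes_world) for each symlink under world_dir."""
    real_root = Path(os.path.realpath(world_dir))
    findings = []
    # followlinks=False: linked directories are reported but never descended into.
    for dirpath, dirnames, filenames in os.walk(world_dir, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):  # also true for dangling links
                resolved = Path(os.path.realpath(path))
                escapes = not resolved.is_relative_to(real_root)
                findings.append((path, os.readlink(path), escapes))
    return findings


def zip_symlink_entries(archive_path):
    """Return names of zip entries whose stored Unix mode marks them as symlinks."""
    names = []
    with zipfile.ZipFile(archive_path) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16  # Unix mode bits, if the archiver stored them
            if stat.S_ISLNK(mode):
                names.append(info.filename)
    return names


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_world.py <world folder or .zip> ...
    clean = True
    for target in sys.argv[1:]:
        if os.path.isdir(target):
            for path, dest, escapes in find_symlinks(target):
                clean = False
                print(f"symlink: {path} -> {dest}" + ("  [outside world]" if escapes else ""))
        else:
            for name in zip_symlink_entries(target):
                clean = False
                print(f"symlink entry in archive: {target}:{name}")
    sys.exit(0 if clean else 1)
```

A non-zero exit status means at least one symbolic link was found; the world should not be loaded in an affected version until the links are removed or reviewed.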