High severity7.5NVD Advisory· Published Sep 21, 2022· Updated Jun 17, 2026
CVE-2022-39221
CVE-2022-39221
Description
McWebserver mod runs a simple HTTP server alongside the Minecraft server in seperate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program, to be read by anyone via HTTP request. Version 0.2.0 with patches are released to both platforms (Fabric and Quilt, Forge). As a workaround, the McWebserver mod can be disabled by removing the file from the mods directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=0.1.2.1, <=0.1.1
- J-onasJones/McWebserverv5Range: < 0.2.0
Patches
Vulnerability mechanics
References
2- github.com/J-onasJones/McWebserver/pull/1nvdPatchThird Party Advisory
- github.com/J-onasJones/McWebserver/security/advisories/GHSA-gcvq-42cx-r46qnvdThird Party Advisory
News mentions
0No linked articles in our index yet.