High severity8.2NVD Advisory· Published Aug 16, 2024· Updated Apr 15, 2026

CVE-2024-43395

Description

CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating ..s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue.

Patches

aaeec7dde6ad

https://github.com/mcjack123/craftos2via osv

commit

f7a88b905560

https://github.com/mcjack123/craftos2via osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/MCJack123/craftos2/commit/f7a88b905560df4366fb69f09b70f05984e05ad3nvd
github.com/MCJack123/craftos2/security/advisories/GHSA-hr3w-wc83-6923nvd

News mentions

No linked articles in our index yet.

cvss	0.533
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000