Security Advisory | Game Extension Engine Path Traversal Vulnerability
Original release date: 2024-10-21
CVE ID
CVE-2024-46939
CVSS 3.1 Base Score
4.8 Medium (AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Description
The game extension engine has a path traversal vulnerability that can overwrite local specific files
Software Versions and Fixes
- Software Affected Version Fixed Version
- Game Extension Engine Version 1.2.7 and earlier versions v1.2.8.0
Temporary Fix
NA
Obtaining Fixed Software
This vulnerability can be fixed by downloading the latest version of the game extension engine
Source
Shark Chili Security Team,Yijin Zhang, Wenqi Zhu, You Wu , Chengkang Sun
Update Records
2024-10-21 V1.0 INITIAL
FAQs
NA
vivo Security Procedures
vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.