CVE-2024-46939

Summary

The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files

Affected Software

VendorProductVersion RangeStatus
vivoGame Extension Engineversions below 1.2.7.0affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References