JCWasmx86

1 exploit Active since Apr 2024
CVE-2024-30254 WRITEUP MEDIUM WRITEUP
mesonlsp < 4.1.4 - Arbitrary File Write via Crafted Project or --full Mode
MesonLSP is an unofficial, unendorsed language server for meson written in C++. A vulnerability in versions prior to 4.1.4 allows overwriting arbitrary files if the attacker can make the victim either run the language server within a specific crafted project or `mesonlsp --full`. Version 4.1.4 contains a patch for this issue. As a workaround, avoid running `mesonlsp --full` and set the language server option `others.neverDownloadAutomatically` to `true`.
CVSS 5.8