{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61517?format=json","vulnerability_id":"VCID-7zz8-63tw-byar","summary":"Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component.","aliases":[{"alias":"CVE-2024-24042"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed","reference_id":"193358682885fe1a6708309ce934e4ed","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-03-21T18:27:21Z/"}],"url":"https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed"},{"reference_url":"https://github.com/Devan-Kerman/ARRP/commit/7ea80db462c8bf66a0565e84fa49c1f2ecb9287b","reference_id":"7ea80db462c8bf66a0565e84fa49c1f2ecb9287b","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-03-21T18:27:21Z/"}],"url":"https://github.com/Devan-Kerman/ARRP/commit/7ea80db462c8bf66a0565e84fa49c1f2ecb9287b"}],"weaknesses":[],"exploits":[],"severity_range_score":"8.8 - 8.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zz8-63tw-byar"}