>

>

Security Advisory

>

Details

Security Advisory | Game Extension Engine Path Traversal Vulnerability

Original release date: 2024-10-21

CVE ID

CVE-2024-46939

CVSS 3.1 Base Score

4.8 Medium （AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L）

Description

The game extension engine has a path traversal vulnerability that can overwrite local specific files

Software Versions and Fixes

Software Affected Version Fixed Version
Game Extension Engine Version 1.2.7 and earlier versions v1.2.8.0

Temporary Fix

NA

Obtaining Fixed Software

This vulnerability can be fixed by downloading the latest version of the game extension engine

Source

Shark Chili Security Team，Yijin Zhang, Wenqi Zhu, You Wu , Chengkang Sun

Update Records

2024-10-21 V1.0 INITIAL

FAQs

NA

vivo Security Procedures

vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.