MesonLSP is an unofficial, unendorsed language server for meson written in C++. A vulnerability in versions prior to 4.1.4 allows overwriting arbitrary files if the attacker can make the victim either run the language server within a specific crafted project or `mesonlsp --full`. Version 4.1.4 contains a patch for this issue. As a workaround, avoid running `mesonlsp --full` and set the language server option `others.neverDownloadAutomatically` to `true`.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-04-04T19:00:42.227Z
Updated: 2024-08-26T20:43:45.256Z
Reserved: 2024-03-26T12:52:00.933Z
Link: CVE-2024-30254
Vulnrichment
Updated: 2024-08-02T01:32:05.394Z
NVD
Status : Awaiting Analysis
Published: 2024-04-04T19:15:08.793
Modified: 2024-04-04T19:24:50.670
Link: CVE-2024-30254
Redhat
No data.