Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Rationale as published: exploitation requires a local user to open an attacker-supplied archive (AV:L, UI:R, PR:N); a successful write escapes the container to the host, which is what justifies the Subsequent System (SC/SI/SA) impact and the full CIA impact. Note that the metric values named in this rationale (AV:L, UI:R, PR:N) do not match the vector string above, which encodes AV:N, PR:H and UI:N; the vector is the vendor's published rating, and the rationale text should be read with that discrepancy in mind.
Primary rating from Vendor (GitHub_M).
CVSS Vector (Vendor: GitHub_M): as listed under Severity by source above.
Description (CVE.org)
Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbitrary files outside the extraction directory by supplying a crafted PSARC or sloppak archive. With the default Docker configuration (running as root) and the ability to drop a file into the plugin directory, this escalates to arbitrary remote code execution on the host.

Three archive extractors concatenated archive-entry filenames directly onto the extraction root without validation:
- lib/psarc.py::unpack_psarc - PSARC TOC filenames;
- lib/patcher.py::unpack_psarc - duplicate of the above in the patcher flow;
- lib/sloppak.py::_unpack_zip - bare ZipFile.extractall() with no member filter.

Each accepts entry names containing .. segments, absolute paths, or backslash separators. The Python zipfile module's default extractall() is documented as not preventing traversal when callers don't supply a member-filter callback.

Version 0.2.9-alpha.5 patches the issue. Until updated, do not open PSARC or sloppak archives from untrusted sources, and do not expose the Slopsmith instance to the public internet. Docker users should also pull the latest image after the next slopsmith Docker image is published.
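The following is an added illustration, not Slopsmith's code and not the fix shipped in 0.2.9-alpha.5. It shows the unsafe join pattern the description attributes to the three extractors, a checked replacement that rejects the three name classes the description lists (.. segments, absolute paths, backslash separators) and re-verifies the resolved path, and a zip extractor that validates every entry name before writing anything. The sample archive, its entry names and the probe-root directory name are constructed for the example; the check itself is format-agnostic and applies equally to names read from a PSARC table of contents.

```python
"""Added example (not Slopsmith's code): unsafe vs. checked resolution of
archive entry names, plus a fail-closed zip extractor and a triage helper.
The archive contents below are constructed for this illustration."""
import io
import os
import tempfile
import zipfile


class UnsafeMemberName(ValueError):
    """An archive entry name that would land outside the extraction root."""


def unsafe_target(root: str, name: str) -> str:
    """Vulnerable pattern: the entry name is joined onto the root unchecked.
    os.path.join discards root entirely for an absolute name, and '..'
    segments walk upward, so the result can be anywhere on the filesystem."""
    return os.path.join(root, name)


def safe_target(root: str, name: str) -> str:
    """Map an archive entry name to a path that is provably inside root.
    Rejects '..' segments, absolute paths (POSIX or drive-letter) and
    backslash separators, then re-checks the fully resolved path."""
    if not name:
        raise UnsafeMemberName("empty entry name")
    if "\\" in name:
        raise UnsafeMemberName(f"backslash separator in {name!r}")
    drive_letter = len(name) > 1 and name[1] == ":" and name[0].isalpha()
    if name.startswith("/") or drive_letter or os.path.splitdrive(name)[0]:
        raise UnsafeMemberName(f"absolute path {name!r}")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if ".." in parts:
        raise UnsafeMemberName(f"parent-directory segment in {name!r}")
    if not parts:
        raise UnsafeMemberName(f"{name!r} names the root itself")
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, *parts))
    # Second line of defence: if a symlink already exists under root,
    # realpath follows it and the prefix check still catches an escape.
    if os.path.commonpath([root_real, target]) != root_real:
        raise UnsafeMemberName(f"{name!r} resolves outside {root_real}")
    return target


def build_archive(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {entry name: content} (test fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def crafted_sample() -> bytes:
    """Constructed sample: one legitimate entry plus one entry of each
    traversal flavour the description lists. Names are illustrative."""
    return build_archive({
        "songs/track.psarc": b"PSAR",
        "../../app/plugins/evil.py": b"import os; os.system('id')",
        "/etc/cron.d/evil": b"* * * * * root id\n",
        "..\\..\\app\\plugins\\evil2.py": b"",
    })


def traversal_entries(data: bytes) -> list[str]:
    """Triage helper: list the entry names safe_target rejects, without
    extracting anything. Only the name is judged, so any root will do."""
    probe_root = os.path.join(tempfile.gettempdir(), "slopsmith-probe-root")
    bad = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            try:
                safe_target(probe_root, name)
            except UnsafeMemberName:
                bad.append(name)
    return bad


def extract_checked(data: bytes, dest: str) -> list[str]:
    """Extract a zip into dest. Every name is validated before the first
    write, so a single bad entry rejects the whole archive (fail closed).
    Entries are written as regular files only; no symlinks are created."""
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        plan = [(info, safe_target(dest_real, info.filename)) for info in zf.infolist()]
        written = []
        for info, target in plan:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, dest_real))
    return written


def demo() -> dict:
    """Run the crafted and a clean archive through both code paths."""
    root = tempfile.mkdtemp(prefix="slopsmith-extract-")
    try:
        extract_checked(crafted_sample(), root)
        rejected = False
    except UnsafeMemberName:
        rejected = True
    clean = build_archive({"songs/track.psarc": b"PSAR"})
    return {
        "unsafe_join": unsafe_target(root, "/etc/cron.d/evil"),  # root discarded
        "bad_entries": traversal_entries(crafted_sample()),
        "rejected": rejected,
        "clean_written": extract_checked(clean, root),
    }


if __name__ == "__main__":
    print(demo())
```

One caveat for readers checking the zip path specifically: on CPython, ZipFile.extract() itself strips leading separators and ".." components (documented behaviour since 3.3.1), and the member-filter callback the description refers to is tarfile's (PEP 706, Python 3.12), so the practical exposure of a zip-based sloppak depends on the interpreter version and on what else the extractor does with the name. The PSARC path, where the application concatenates TOC names itself, has no such safety net. The example therefore validates every name explicitly rather than relying on library behaviour.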
Analysis (AI-generated)
Arbitrary file write via path traversal in Slopsmith (a self-hosted Rocksmith 2014 CDLC web app) prior to 0.2.9-alpha.5 allows an attacker who can supply a malicious PSARC or sloppak archive to write files outside the extraction directory, escalating to remote code execution under the default Docker image which runs as root and exposes a writable plugin directory. The CVSS 4.0 vector reports high privileges required (PR:H), reflecting that the attacker must reach the archive-upload/open functionality of an authenticated user. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
|---|---|
| Exploitation | Requires that a Slopsmith user (operator of the instance) open a crafted PSARC or sloppak archive supplied by the attacker via Slopsmith's archive-extraction code paths (lib/psarc.py::unpack_psarc, lib/patcher.py::unpack_psarc, or lib/sloppak.py::_unpack_zip). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The 4.0 vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U scores 7.6, with full CIA impact on both the vulnerable Slopsmith container and the host (subsequent system) because the default Docker image runs as root and a writable plugin path enables RCE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker publishes a booby-trapped CDLC PSARC (or sloppak bundle) on a Rocksmith community site containing an entry whose filename is something like '../../app/plugins/evil.py'. When a Slopsmith user downloads and opens it, the extractor writes the payload into the plugin directory; because the default Docker container runs as root and Slopsmith auto-loads plugins, the payload executes with root privileges on the host. … |
| Remediation | Upgrade to Slopsmith 0.2.9-alpha.5 or later, which adds path validation to the PSARC and sloppak extractors (commit 9cccac12a, advisory GHSA-8wr9-348x-xwmr). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended Action (AI-generated)
Within 24 hours: Identify all Slopsmith instances and enumerate users with archive upload permissions; search logs for any suspicious uploads or file write operations in unexpected directories. …
Related entries listed alongside this one (teasers truncated as on the page):
- Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t…
- BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser…
- pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi…
- BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica…
- pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
- Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/…
- pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne…
- Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301…
- Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary…
- A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Rated critical severity (C…
- Trend Micro's Zero Day Initiative has identified a vulnerability affecting FlowiseAI Flowise. …
- Keras Model.load_model can execute arbitrary code even with safe_mode=True by manipulating the config.json inside a .ker…
Same weakness: CWE-22 – Path Traversal
External reference: EUVD-2026-38056