Lucene search

[email protected]NVD:CVE-2023-35925

HistoryJun 23, 2023 - 4:15 p.m.

CVE-2023-35925

2023-06-2316:15:09

CWE-400

[email protected]

web.nvd.nist.gov

fastasyncworldedit

vulnerability

server takedown

fixed version 2.6.3

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the Infinity keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3.

Affected configurations

Nvd

Node

intellectualsitesfastasyncworldeditRange<2.6.3

VendorProductVersionCPE
intellectualsitesfastasyncworldedit*cpe:2.3:a:intellectualsites:fastasyncworldedit:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intellectualsites	fastasyncworldedit	*	cpe:2.3:a:intellectualsites:fastasyncworldedit::::::::

References

github.com/IntellectualSites/FastAsyncWorldEdit/pull/2285

github.com/IntellectualSites/FastAsyncWorldEdit/releases/tag/2.6.3

github.com/IntellectualSites/FastAsyncWorldEdit/security/advisories/GHSA-whj9-m24x-qhhp

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-35925

prion1 osv2 cve1 github1 veracode1 cvelist1