6 matches found
CVE-2024-41799
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via...
CVE-2024-41799
creationtimestamp| type| source ---|---|--- 2024-07-29 17:57:54+00:00| seen| https://t.me/cvedetector/1853...
CVE-2024-41799
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via...
CVE-2024-41799 tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via...
CVE-2024-41799 tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via...
CVE-2024-41799
Summary: CVE-2024-41799 affects tgstation-server (BYOND server management). Prior to version 6.8.0, low-permission users with the “Set .dme Path” privilege could cause malicious .dme files on the host to be compiled and executed, potentially leading to remote code execution via BYOND’s shell() pr...