347 matches found
CVE-2024-41564
EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in EMI mod for Minecraft, which allows in-game item duplication...
CVE-2024-43395 CraftOS-PC 2's improperly sanitized paths cause filesystem escape (Windows)
CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without...
Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool
Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack...
New Panamorfi DDoS Attack Exploits Misconfigured Jupyter Notebooks
"Panamorfi," a new DDoS attack, exploits Discord, Minecraft, and Jupyter Notebooks. Cybersecurity researchers warn of this threat targeting…...
Malicious code in minecraft-utilities-api (PyPI)
MAL-2024-5367 Malicious code in minecraft-utilities-api (PyPI)
Malicious code in MinecraftCоnnectiоn (NuGet)
MAL-2024-4545 Malicious code in MinecraftCоnnectiоn (NuGet)
zEus Stealer’s Undercover Operation on YouTube and Minecraft
Malicious code in minecraft-net-core-services (npm)
Source: ghsa-malware f97497c110046a45568566b17a35f8df5e95864b8438367d9b12c538d3d59deb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-31446
OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device ...
CVE-2024-31446
OpenComputers vulnerable prior to version 1.8.4 (and GregTech: New Horizons pre-patch 1.10.10-GTNH). A user can cause a Computer thread to hang in the Lua VM via xpcall, which can eventually block the Server thread and require a server restart. LuaJ is reported not to have this issue. The vulnera...
CVE-2024-31446 OpenComputers Denial of Service using xpcall
OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device ...
Crafting Shields: Defending Minecraft Servers Against DDoS Attacks
Minecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-service (DDoS) attacks, threatening server functionality, player experience, and the game's reputation. Despite the prevalence of DDoS attacks on the game, the...
MCRPX Security Vulnerabilities
MCRPX is a tool for extracting files from resource packs of Minecraft: Java Edition to selected directories by individual developer Michal Spišak in the Czech Republic. A security vulnerability exists in Speedy11CZ MCRPX v.1.4.0 and earlier versions, which stems from the presence of a directory...
Crafty Controller Security Vulnerability
Crafty Controller is a Minecraft server control panel/launcher. A security vulnerability exists in Crafty Controller that stems from the presence of a host header injection vulnerability that allows an unauthenticated, remote attacker to trigger a denial of service (DoS) via a modified host header...
CVE-2024-24756 Crafatar path traversal vulnerability
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...
CVE-2024-24756
CVE-2024-24756 is a path traversal vulnerability in Crafatar. Affected: Crafatar versions prior to 2.1.5, including Docker deployments; Cloudflare-protected or external CDN setups are not affected. The issue allows requesting files outside the lib/public directory from within the container, with ...
Minecraft Server: Remote Code Execution
Background: Minecraft Server is the official server for the sandbox video game. Description: A vulnerability has been discovered in Minecraft Server. Please review the CVE identifier referenced below for details. Impact: Vulnerable Minecraft Server versions include a bundled version of log4j which i...