CVE-2023-37261 OpenComputers's SSRF to cloud service metadata services and local IPv6 addresses not blocked by default

OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. This issue affects every version of OpenComputers with the Internet Card feature enabled; that is, OpenComputers 1.2.0 until 1.8.3 in their most common, default configurations. If the OpenComputers mod is...

CVE-2023-37261 OpenComputers's SSRF to cloud service metadata services and local IPv6 addresses not blocked by default

OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. This issue affects every version of OpenComputers with the Internet Card feature enabled; that is, OpenComputers 1.2.0 until 1.8.3 in their most common, default configurations. If the OpenComputers mod is...

CVE-2023-37261

OpenComputers is affected by CVE-2023-37261. The issue affects OpenComputers versions 1.2.0 through 1.8.3 in default configurations where the Internet Card is enabled. The root cause is that metadata-service endpoints used by cloud providers (e.g., AWS, GCP, Azure) are not properly blocked, enabl...

Tweaked 代码问题漏洞

Minecraft My World is a Swedish sandbox game by Mojang. Tweaked suffers from a code issue vulnerability. Attackers use the vulnerability to gain access to sensitive information in order to elevate privileges...

mrpack-install 路径遍历漏洞

mrpack-install is a cli application for installing Minecraft servers and Modrinth modpacks by Florian H. Individual developer. A security vulnerability exists in mrpack-install version 0.16.2 and earlier versions, which stems from the presence of a path traversal vulnerability...

Minecraft Community on High Alert as Malware Infects Popular Mods

By Waqas Dubbed Fracturizer, researchers delving into the malware's GitHub repository have classified this malware as "extraordinarily perilous. This is a post from HackRead.com Read the original post: Minecraft Community on High Alert as Malware Infects Popular Mods...

CVE-2023-33245

Minecraft through 1.19 and 1.20 pre-releases before 7 Java allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink...

CVE-2023-33245

Minecraft through 1.19 and 1.20 pre-releases before 7 Java allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink...

CVE-2023-33245

Minecraft through 1.19 and 1.20 pre-releases before 7 Java allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink...

Code injection

Minecraft through 1.19 and 1.20 pre-releases before 7 Java allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink...

CVE-2023-33245

Minecraft through 1.19 and 1.20 pre-releases before 7 Java allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink...

PT-2023-24241 · Mojang · Minecraft

Name of the Vulnerable Software and Affected Versions: Minecraft versions 1.19 through 1.20 pre-releases before 7 Java Description: The issue allows for arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. Recommendations: For Minecraft versions...

Minecraft 后置链接漏洞

Minecraft My World is a Swedish sandbox game by Mojang. A security vulnerability exists in Minecraft version 1.19, versions prior to 1.20 pre-releases 7. An attacker exploited the vulnerability to overwrite arbitrary files with specially crafted world data containing symbolic links and potentiall...

CVE-2023-33245

Minecraft through 1.19 and 1.20 pre-releases before 7 Java allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink...

CVE-2023-33245

Minecraft is affected: versions 1.19 through 1.20 pre-releases before 7 (Java) are vulnerable via crafted world data containing a symlink, enabling arbitrary file overwrite and potentially code execution. Root cause: world data with symlink exposure. Exploitation status: no in-wild exploit detail...

Design/Logic Flaw

Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...

CVE-2023-30859

Triton (Minecraft plugin for Spigot/BungeeCord) is affected. The vulnerability stems from the CustomPayload packet allowing execution of commands on the spigot/bukkit console when bungee mode is enabled, broadcasting the triton:main channel. Attackers could send a payload (byte 2 + string command...

CVE-2023-30859 Spigot Command Exploit in Triton

Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...

PT-2023-23015 · Triton +2 · Triton +2

Name of the Vulnerable Software and Affected Versions: Triton versions prior to 3.8.4 Description: The issue affects the Triton Minecraft plugin for Spigot and BungeeCord, allowing execution of commands on the spigot/bukkit console through the CustomPayload packet. When bungee mode is enabled in...

Triton 安全漏洞

Triton is a Minecraft plugin used to improve the multi-language support of Minecraft! A security vulnerability exists in Triton versions prior to 3.8.4, which stems from CustomPayload packets allowing commands to be executed on the console...