347 matches found
Minecraft declared the most malware-infected game
By Waqas. According to new research by Atlas VPN, Minecraft-related malware infected 44,335 devices while Kaspersky antivirus software detected 300,000 malware cases. This is a post from HackRead.com. Read the original post: Minecraft declared the most malware-infected game...
Path Traversal in alanaktion/mchostpanel
Description: A Path Traversal vulnerability was identified in the Minecraft server control panel which allows an attacker to access arbitrary user resources. Proof of Concept: POST /ajax.php HTTP/1.1 Host: localhost:8080 User-Agent: curl/7.47.0 Accept: / Content-Length: 45 Content-Type:...
CVE-2021-39177
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT contains a patch f...
Design/Logic Flaw
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT contains a patch f...
CVE-2021-39177 User impersonation due to incorrect handling of the login JWT
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT contains a patch f...
CVE-2021-39177
Summary: CVE-2021-39177 affects Geyser versions prior to 1.4.2-SNAPSHOT, where an attacker who can connect to a server can forge a LoginPacket with a manipulated JWT token to impersonate any user. The issue is mitigated by upgrading to 1.4.2-SNAPSHOT or later, which includes a patch. Other workar...
CVE-2021-37632
SuperMartijn642's Config Lib is a library used by a number of mods for the game Minecraft. The versions of SuperMartijn642's Config Lib between 1.0.4 and 1.0.8 are affected by a vulnerability and can be exploited on both servers and clients. Using SuperMartijn642's Config Lib, servers will send a...
Design/Logic Flaw
SuperMartijn642's Config Lib is a library used by a number of mods for the game Minecraft. The versions of SuperMartijn642's Config Lib between 1.0.4 and 1.0.8 are affected by a vulnerability and can be exploited on both servers and clients. Using SuperMartijn642's Config Lib, servers will send a...
CVE-2021-37632
CVE-2021-37632 affects SuperMartijn642's Config Lib (versions 1.0.4–1.0.8) used by Minecraft mods. The flaw arises when servers send a packet containing config values and the client reads data with ObjectInputStream.readObject(), which can instantiate arbitrary classes from unvalidated input, pot...
CVE-2021-37632 Deserialization of Untrusted Data in com.supermartijn642.configlib.ConfigSyncPacket
SuperMartijn642's Config Lib is a library used by a number of mods for the game Minecraft. The versions of SuperMartijn642's Config Lib between 1.0.4 and 1.0.8 are affected by a vulnerability and can be exploited on both servers and clients. Using SuperMartijn642's Config Lib, servers will send a...
Minecraft code issue vulnerability
Minecraft is a Swedish sandbox game by Mojang. Minecraft SuperMartijn642 has a code issue vulnerability that stems from the use of SuperMartijn642's Config Lib, where the server will send a packet with server configuration values to the client...
Minecraft Java Edition vulnerable to directory traversal
Overview: Minecraft Java Edition provided by Mojang Studios contains a directory traversal vulnerability (CWE-22). RyotaK reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the...
JVN#53278122: Minecraft Java Edition vulnerable to directory traversal
Minecraft Java Edition provided by Mojang Studios contains a directory traversal vulnerability (CWE-22). Impact: Arbitrary JSON files on the system using the product may be deleted by an attacker. Solution: Update Minecraft to the latest version according to the information provided ...
CVE-2021-35054
Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files...
Path traversal
Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files...
CVE-2021-35054
Summary (CVE-2021-35054): Minecraft Java Edition (pre-1.17.1) is vulnerable to a directory/path traversal when online-mode=false, allowing deletion of arbitrary JSON files on the host. The root cause is a directory traversal flaw in the affected Minecraft build, enabling unauthorized file deletio...
Minecraft path traversal vulnerability
Minecraft is a Swedish sandbox game by Mojang. Minecraft before 1.17.1 has a path traversal vulnerability: when online-mode=false is configured, path traversal allows deletion of arbitrary JSON files...