3 matches found
CVE-2023-35925
The CVE-2023-35925 entry refers to FastAsyncWorldEdit (FAWE). The vulnerability arises when a user selects a region using the Infinity keyword (case-sensitive) and performs an operation, which can lead to a Denial of Service on the server. The issue has been fixed in FAWE version 2.6.3. No additi...
com.fastasyncworldedit:FastAsyncWorldEdit-CLI (>=2.0.0 <=2.13.2) potentially affected by CVE-2023-35925 via com.fastasyncworldedit:FastAsyncWorldEdit-Core (>=2.0.0 <=2.6.2)
com.fastasyncworldedit:FastAsyncWorldEdit-Core MAVEN version =2.0.0, =2.0.0, =2.13.2 Source cves: CVE-2023-35925 Source advisory: OSV:GHSA-WHJ9-M24X-QHHP...
GHSA-WHJ9-M24X-QHHP FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
Coordinated Disclosure Timeline - 10.06.2023: Issue reported to IntellectualSites - 11.06.2023: Issue is acknowledged - 12.06.2023: Issue has been fixed - 22.06.2023: Advisory has been published Impacted version range Before 2.6.3 Details Proof of Concept As a user, do the following: 1. Select...