Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.6 views

SUSE CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS9.3AI score0.0166EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/04/22 8:57 p.m.17 views

Insufficient type validation in pocketmine/pocketmine-mp

Impact When an inventory interaction is performed e.g. moving an item around an inventory, the client sends a serialized version of the itemstack to the server, which the server then deserializes and compares against its own copy. If the copies don't match, the transaction is invalid. This involv...

6.7AI score
Exploits0References5Affected Software1
OSV
OSV
added 2022/04/22 8:57 p.m.11 views

GHSA-G5RR-P69H-7V3G Insufficient type validation in pocketmine/pocketmine-mp

Impact When an inventory interaction is performed e.g. moving an item around an inventory, the client sends a serialized version of the itemstack to the server, which the server then deserializes and compares against its own copy. If the copies don't match, the transaction is invalid. This involv...

7.5CVSS6.7AI score
Exploits0References5
OSV
OSV
added 2022/03/18 10:36 p.m.14 views

GHSA-46C5-PFJ8-FV65 Improperly checked metadata on tools/armour itemstacks received from the client

Impact Due to a workaround applied in 1.13, an attacker may send a negative damage/meta value in a tool or armour item's NBT, which TypeConverter then blindly uses as if it was valid without being checked. When this invalid metadata value reaches Durable-setDamage, an exception is thrown because...

7.5CVSS6.7AI score
Exploits0References3
Veracode
Veracode
added 2022/02/08 6:19 a.m.13 views

Injection Vulnerability

Minetest is vulnerable to injection vulnerability. An attacker is able to exploit the vulnerability by adding or modifying arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS3.9AI score0.0166EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2022/02/02 6:15 a.m.15 views

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS7.3AI score0.0166EPSS
Exploits0References6
OSV
OSV
added 2022/02/02 6:15 a.m.2 views

UBUNTU-CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS5.9AI score0.0166EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2022/02/02 6:1 a.m.19 views

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS9.7AI score0.0166EPSS
Exploits0
Rows per page
Query Builder