Remote code execution

Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...

mrpack-install 路径遍历漏洞

mrpack-install is a cli application for installing Minecraft servers and Modrinth modpacks by Florian H. Individual developer. A security vulnerability exists in mrpack-install version 0.16.2 and earlier versions, which stems from the presence of a path traversal vulnerability...

GHSA-R887-GFXH-M9RR mrpack-install vulnerable to path traversal with dependency

Impact Importing a malicious .mrpack file can cause path traversal while downloading files. This can lead to scripts or config files being placed or replaced at arbitrary locations, without the user noticing. Patches No patches yet. Workarounds Avoid importing .mrpack files from untrusted sources...

Malware infected Minecraft modpacks hit Google Play Store

By Deeba Ahmed According to researchers, Minecraft continues to attract the hacking community and a massive increase in infected, malware-laden Minecraft mods. This is a post from HackRead.com Read the original post: Malware infected Minecraft modpacks hit Google Play Store...

'Minecraft Mods' Attack More Than 1 Million Android Devices

Scammers are taking advantage of the Minecraft sandbox video game’s wild success by developing Google Play apps which appear to be Minecraft modpacks, but instead deliver abusive ads, according to researchers. Since July, Kaspersky researchers have found more than 20 of these apps and determined...