GHSA-H6J3-J35F-V2X7 PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)

Impact An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. netresearch/jsonmapper allows objects to be hydrated from scalar types in JSON. However, due to the lack of validation in the code for this feature, it may output improperly initialized objects if applied to...

PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)

Impact An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to the particular handling of NULL types in the json mapper which accepts NULL type values in typed arrays which PocketMine-MP did not expect. Code processing arrays in the JSON data could the...

PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency

Impact An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to a bug in netresearch/jsonmapper. The library wasn't doing proper checks when mapping JSON arrays and objects onto scalar model properties such as strings. Patches The problem was fixed in a...