Описание
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| minetest | fixed | 5.4.1+repack-1 | package | |
| minetest | end-of-life | stretch | package |
Примечания
https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf
Fixed by: https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae (5.4.0)
When fixing this issue the fix for GHSA-7q63-4fq2-hqcr should be included,
which is not a vulnerability by itself, and won't get a CVE assigned:
https://github.com/minetest/minetest/security/advisories/GHSA-7q63-4fq2-hqcr
https://github.com/minetest/minetest/commit/8d6a0b917ce1e7f4f1017835af0ca76e79c98c38 (5.2.0)
EPSS
Связанные уязвимости
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
EPSS