Описание
FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the Infinity keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3.
Ссылки
- Patch
- Release Notes
- Vendor Advisory
- Patch
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.6.3 (исключая)
cpe:2.3:a:intellectualsites:fastasyncworldedit:*:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00242
Низкий
6.2 Medium
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-400
CWE-400
Связанные уязвимости
CVSS3: 6.2
github
больше 2 лет назад
FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
EPSS
Процентиль: 47%
0.00242
Низкий
6.2 Medium
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-400
CWE-400