Описание
PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting in denial of service.
Ссылки
EPSS
Процентиль: 48%
0.00252
Низкий
Дефекты
CWE-1284
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash
EPSS
Процентиль: 48%
0.00252
Низкий
Дефекты
CWE-1284