exploitDog

CVE-2025-62782

Опубликовано: 27 окт. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.3-SNAPSHOT and earlier contain a vulnerability where GUIs using GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.4-SNAPSHOT.

Ссылки

https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494
Patch
https://github.com/Phoenix616/InventoryGui/issues/51
Issue Tracking
https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-rgvh-4m82-fvjq
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phoenix616:inventorygui:*:*:*:*:*:*:*:*

Версия до 1.6.4 (исключая)

EPSS

Процентиль: 12%

0.0004

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-837

Связанные уязвимости

GHSA-rgvh-4m82-fvjq

github

3 месяца назад

InventoryGui allows item duplication with experimental "Bundle" item in GUIs which use GuiStorageElement

EPSS

Процентиль: 12%

0.0004

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-837