9.8
CVE-2022-24300
- EPSS 1.66%
- Veröffentlicht 02.02.2022 06:15:06
- Zuletzt bearbeitet 21.11.2024 06:50:07
- CVE-Watchlists
- Unerledigt
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.66% | 0.736 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
https://bugs.debian.org/1004223
https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae
https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf
https://www.debian.org/security/2022/dsa-5075