9.8

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MinetestMinetest Version < 5.4.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.66% 0.736
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://bugs.debian.org/1004223
Patch
Third Party Advisory
Mailing List
https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae
Patch
Third Party Advisory
https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf
Patch
Third Party Advisory
https://www.debian.org/security/2022/dsa-5075
Third Party Advisory
Mailing List