5.9
CVE-2025-62782
- EPSS 0.24%
- Veröffentlicht 27.10.2025 20:50:07
- Zuletzt bearbeitet 04.11.2025 13:23:24
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginInventoryGUI vulnerable to item duplication via Bundle items when using GuiStorageElement
InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.3-SNAPSHOT and earlier contain a vulnerability where GUIs using GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.4-SNAPSHOT.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phoenix616 ≫ Inventorygui Version < 1.6.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.146 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security-advisories@github.com | 5.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-837 Improper Enforcement of a Single, Unique Action
The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction.
https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-rgvh-4m82-fvjq
https://github.com/Phoenix616/InventoryGui/issues/51
https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494