CVE Vulnerabilities

CVE-2022-24300

Published: Feb 02, 2022 | Modified: Nov 21, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.

Affected Software

Name Vendor Start Version End Version
Minetest Minetest * 5.4.0 (excluding)
Minetest Ubuntu bionic *
Minetest Ubuntu impish *
Minetest Ubuntu trusty *
Minetest Ubuntu upstream *
Minetest Ubuntu xenial *

References