CVE-2022-24300 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-24300

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.

Affected Software

Name	Vendor	Start Version	End Version
Minetest	Minetest	*	5.4.0 (excluding)
Minetest	Ubuntu	bionic	*
Minetest	Ubuntu	impish	*
Minetest	Ubuntu	trusty	*
Minetest	Ubuntu	upstream	*
Minetest	Ubuntu	xenial	*

References

https://bugs.debian.org/1004223
https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae
https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf
https://www.debian.org/security/2022/dsa-5075
https://bugs.debian.org/1004223
https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae
https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf
https://www.debian.org/security/2022/dsa-5075