Security Advisories - pocketmine/pocketmine-mp - Packagist

pocketmine/pocketmine-mp Security Advisories for 4.0.0-BETA4 (11)

PocketMine-MP vulnerable to denial-of-service by sending large modal form responses

Affected version: <4.12.5

Reported by:
GitHub
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash

Affected version: <4.8.1

Reported by:
GitHub
PocketMine-MP invalid skin geometry JSON data leading to server crash

Affected version: <4.7.2

Reported by:
GitHub
Denial-of-service vulnerability processing large chat messages containing many newlines

Affected version: <4.2.10

Reported by:
GitHub
Insufficient type validation in pocketmine/pocketmine-mp

Affected version: <4.2.9

Reported by:
GitHub
Improperly checked metadata on tools/armour itemstacks received from the client

Affected version: <4.2.4

Reported by:
GitHub
Unhandled exception when decoding form response JSON

Affected version: >=4.0.0,<4.0.7

Reported by:
GitHub
Unchecked validity of Facing values in PlayerActionPacket

Affected version: <4.0.6

Reported by:
GitHub
Uncapped length of skin data fields submitted by players

Affected version: >=4.0.0,<4.0.5|<3.26.5

Reported by:
GitHub
Book page text, count, and author/title length is not limited in PocketMine-MP

Affected version: >=4.0.0,<4.0.5|<3.26.5

Reported by:
GitHub
Inability to de-op players if listed in ops.txt with non-lowercase letters

Affected version: <4.0.3

Reported by:
GitHub