pocketmine/pocketmine-mp Security Advisories for 5.2.1 (5)
-
[MEDIUM] PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode()
PKSA-1y47-vhgh-zq2y GHSA-g274-c6jj-h78p
Affected version: <5.25.2
Reported by:
GitHub -
[HIGH] PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
PKSA-7cft-g1hs-ddc8 GHSA-h6j3-j35f-v2x7
Affected version: <5.11.1
Reported by:
GitHub -
[HIGH] PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
PKSA-krv9-c6mg-smc2 GHSA-xc7j-wj36-qjfr
Affected version: <5.11.2
Reported by:
GitHub -
[HIGH] PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
PKSA-nv2r-zxzd-wzsw GHSA-92jh-gwch-jq38
Affected version: <=4.23.0|>=5.0.0,<=5.3.0
Reported by:
GitHub -
[HIGH] PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey
PKSA-1sh5-spwn-dqsp GHSA-79rc-jjh6-rc89
Affected version: >=5.2.0,<5.3.1
Reported by:
GitHub