CVE-2022-24300

critical

Description

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.

References

Advisories

https://www.debian.org/security/2022/dsa-5075

https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf

https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae

https://bugs.debian.org/1004223

Details

Source: Mitre, NVD

Published: 2022-02-02

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00678

Detections

Analytics