CVE-2023-35925

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-35925

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35925.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-35925

Aliases

GHSA-whj9-m24x-qhhp

Published

2023-06-23T16:15:09Z

Modified

2024-10-12T10:58:38.729020Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the Infinity keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3.

References

Affected packages

Git / github.com/intellectualsites/fastasyncworldedit

Affected ranges

Type: GIT
Repo: https://github.com/intellectualsites/fastasyncworldedit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

956a5182381e64c2e1959452a2c780e16ea31492

Affected versions

1.*

1.15-1.17

2.*

2.0.0

2.0.1

2.1.0

2.1.2

2.2.0

2.3.0

2.4.0

2.4.1

2.4.10

2.4.2

2.4.3

2.4.4

2.4.6

2.4.7

2.4.8

2.4.9

2.5.0

2.5.1

2.5.2

2.6.0

2.6.1

2.6.2