Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.
{ "binaries": [ { "binary_version": "2:0.17.1-1", "binary_name": "crawl" }, { "binary_version": "2:0.17.1-1", "binary_name": "crawl-common" }, { "binary_version": "2:0.17.1-1", "binary_name": "crawl-tiles" }, { "binary_version": "2:0.17.1-1", "binary_name": "crawl-tiles-data" } ] }
{ "binaries": [ { "binary_version": "2:0.21.1-1", "binary_name": "crawl" }, { "binary_version": "2:0.21.1-1", "binary_name": "crawl-common" }, { "binary_version": "2:0.21.1-1", "binary_name": "crawl-tiles" }, { "binary_version": "2:0.21.1-1", "binary_name": "crawl-tiles-data" } ] }
{ "binaries": [ { "binary_version": "2:0.24.0-1build1", "binary_name": "crawl" }, { "binary_version": "2:0.24.0-1build1", "binary_name": "crawl-common" }, { "binary_version": "2:0.24.0-1build1", "binary_name": "crawl-tiles" }, { "binary_version": "2:0.24.0-1build1", "binary_name": "crawl-tiles-data" } ] }