ALT Linux Team

Package minetest update in sisyphus on 2021-03-08

ALT-PU-2021-1448-1

Package minetest updated to version 5.4.0-alt1 for branch sisyphus in task 267459.

Closed vulnerabilities

Published: 2022-02-02
Modified: 2024-11-21

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-02-02
Modified: 2024-11-21

CVE-2022-24301

In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top