Headline
CVE-2023-35925: Release 2.6.3 · IntellectualSites/FastAsyncWorldEdit
FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the Infinity keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3.
Skip to content
Sign up
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
Explore
* All features
* Documentation
* GitHub Skills
* Blog
For
- Enterprise
- Teams
- Startups
- Education
By Solution
- CI/CD & Automation
- DevOps
- DevSecOps
Case Studies
- Customer Stories
- Resources
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
Repositories
* Topics
* Trending
* Collections
Pricing
In this repository All GitHub
No suggested jump to results
In this repository All GitHub
In this organization All GitHub
In this repository All GitHub
Sign in
Sign up
IntellectualSites / FastAsyncWorldEdit Public
- Notifications
- Fork 161
- Star 490
- Code
- Issues 43
- Pull requests 21
- Discussions
- Actions
- Projects 1
- Security
- Insights
More
- Releases
- 2.6.3
Latest
Latest
Compare
Choose a tag to compare
github-actions released this
12 Jun 10:13
· 18 commits to refs/heads/main since this release
2.6.3
956a518
This commit was signed with the committer’s verified signature.
NotMyFault Alexander Brandes
GPG key ID: 158F5701A6AAD00C
Learn about vigilant mode.
🚀 Major features
- Update to 1.20 and 1.20.1 @NotMyFault (#2276)
🐛 Fixes
- Update & Fix TownyFeature support. @LlmDl (#2279)
- Set proper field access and use mappings for entities on spigot @SirYwell (#2282)
- Improve exception handling on adapter loading @SirYwell (#2277)
✨ Features
- feat: prevent edits outside +/- 30,000,000 blocks @dordsor21 (#2285)
- Update & Fix TownyFeature support. @LlmDl (#2279)
Contributors
LlmDl, dordsor21, and 2 other contributors
Assets 3
Related news
### Coordinated Disclosure Timeline - 10.06.2023: Issue reported to IntellectualSites - 11.06.2023: Issue is acknowledged - 12.06.2023: Issue has been fixed - 22.06.2023: Advisory has been published ### Impacted version range Before 2.6.3 ### Details #### Proof of Concept As a user, do the following: 1. Select position 1 via `//pos1` 2. Select position 2 adding the "Infinity" keyword via `//pos2 Infinity` 3. Execute any further operation. The steps 1 and 2 are interchangeable. #### Impact Such a task has a possibility of bringing the performing server down. #### CVE - CVE-2023-35925 #### Credit This issue was discovered and [reported](https://github.com/IntellectualSites/.github/blob/main/SECURITY.md) by @SuperMonis. ### Solution On June 12, 2023, a patch, https://github.com/IntellectualSites/FastAsyncWorldEdit/pull/2285, has been merged addressing the vulnerability. We strongly recommend users to update their version of FastAsyncWorldEdit to 2.6.3 as soon as possible. ...