CVE-2021-43819: Product improperly handles vehicles when operating on MC 1.12.2+, causing data and passenger duplication.

Stargate-Bukkit is a mod for the Minecraft video game that adds a portal-focused environment. In affected versions, minecarts with chests drop their items when teleporting through a portal; when they reappear, they still have their items, which impacts the integrity of the game world. The teleport code has since been rewritten and is available in release 0.11.5.1. Users are advised to upgrade. There are no known workarounds for this issue.


Package

net.TheDgtl.Stargate.Portal (Maven)

Affected versions

> 0.7.9.11

Patched versions

> 0.11.5.1 (Unified Legacy Versions / Rewritten Versions); and 0.10.9.X, 0.9.5.X (Post 1.12 ESR Releases)

Description

Scope:

  • All versions of StarGate running code that is derivative of Drakia’s vehicle solution on 1.12.2+ instances.
  • As only versions above 0.7.9.11 are able to run on 1.12.2+, that is the earliest known version with this issue.
  • This issue impacts the default configuration and can be exploited by all players.

Method:

  • Minecarts with chests will drop their items when teleporting through a portal; when they reappear, they will still have their items.
  • This is likely a result of an antiquated transportation method, wherein the minecart is deleted and recreated instead of teleported.

Analysis:

  • The original method used for transporting vehicles was to delete their entity and recreate it at the intended destination.
    • Originally, when deleting an entity, its contents and passengers would be removed.
    • After MC 1.12.2, when deleted, an entity’s contents and passengers drop.
  • Momentum issues impact the minecart’s behaviour; in some cases, they will re-enter portals into a loop.
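
The Analysis above can be reproduced in a small stand-alone model. This is an added example, not Stargate or Bukkit code: the classes `World` and `ChestCart`, the `dropsOnRemove` switch and the teleport-in-place alternative are all hypothetical names and assumptions. It compares the total item count in the world before and after a portal trip, which is the conservation check a server operator or plugin test would want to hold.

```java
import java.util.ArrayList;
import java.util.List;
// Toy model only: not Bukkit or Stargate code; every name below is hypothetical.
public class VehicleTeleportModel {
    static class ChestCart {
        final List<String> items = new ArrayList<>();
        int x; // position along a single axis, enough for the model
    }

    static class World {
        final boolean dropsOnRemove; // true models MC 1.12.2+ as the advisory describes it
        final List<ChestCart> carts = new ArrayList<>();
        final List<String> groundItems = new ArrayList<>();
        World(boolean dropsOnRemove) { this.dropsOnRemove = dropsOnRemove; }
        void remove(ChestCart cart) {
            carts.remove(cart);
            if (dropsOnRemove) groundItems.addAll(cart.items); // contents drop on removal
        }
        int totalItems() { // conservation invariant: must not change across a teleport
            int n = groundItems.size();
            for (ChestCart c : carts) n += c.items.size();
            return n;
        }
    }

    // Legacy transport: delete the entity, recreate it at the destination with copied contents.
    static void deleteAndRecreate(World w, ChestCart old, int destX) {
        ChestCart fresh = new ChestCart();
        fresh.items.addAll(old.items);
        fresh.x = destX;
        w.remove(old);
        w.carts.add(fresh);
    }
    // Assumed alternative: move the same entity, so removal side effects never fire.
    static void teleportInPlace(ChestCart cart, int destX) { cart.x = destX; }
    // Returns the number of items in the world after one portal trip (3 went in).
    static int itemsAfterPortal(boolean dropsOnRemove, boolean legacy) {
        World w = new World(dropsOnRemove);
        ChestCart cart = new ChestCart();
        cart.items.addAll(List.of("diamond", "iron", "gold"));
        w.carts.add(cart);
        if (legacy) deleteAndRecreate(w, cart, 100); else teleportInPlace(cart, 100);
        return w.totalItems();
    }

    public static void main(String[] args) {
        System.out.println("pre-1.12.2, delete+recreate: " + itemsAfterPortal(false, true));
        System.out.println("1.12.2+,    delete+recreate: " + itemsAfterPortal(true, true));
        System.out.println("1.12.2+,    teleport:        " + itemsAfterPortal(true, false));
    }
}
```

Any run where the total after the trip exceeds the three items loaded into the cart marks a transport path that violates item conservation.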

Details:

FROM NORTH:

  • If going WEST, dupes in WEST.
  • If going SOUTH, dupes in SOUTH.
  • If going EAST, dupes in EAST.

FROM SOUTH:

  • If going NORTH, switches to NORTH to SOUTH, then dupes SOUTH.
  • If going EAST, double dupes.
  • If going WEST, switches to WEST to SOUTH, then dupes SOUTH.

FROM EAST:

  • If going WEST, switches to WEST to EAST, then dupes EAST.
  • If going NORTH, switches to NORTH to EAST, then dupes EAST.
  • If going SOUTH, double dupes.

FROM WEST:

  • If going EAST, dupes EAST.
  • If going NORTH, dupes NORTH.
  • If going SOUTH, dupes SOUTH.

Impacted Projects

  • Our upstream, PseudoKnight
  • All forks of our upstream, including older branches of our project and our downstream.
  • Any 1.12 compatible forks of the origin (theDgtl), notably including mejohn.
