/test.bbcode Secret
Last active
May 14, 2017 14:42
Star
You must be signed in to star a gist
Draft forum announcement
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Serious vulnerabilty in WorldEdit GUI: Server owners advised to update | |
Servers are advised to update their worldedit mods in order to | |
[url=https://github.com/Uberi/Minetest-WorldEdit/commit/0ce45a5900a7ae3ff952a9988df73c0a578f09ea]patch[url] | |
a remote code execution vulnerability. | |
Before this patch, any player could run arbitrary Lua code. This allowed them to do anything a mod can do - | |
such as granting privs, changing settings, or shutting down the server. | |
If mod security is disabled, they would be able to run terminal commands and gain access to the user on the | |
server running Minetest. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment