Skip to content

Instantly share code, notes, and snippets.

@rubenwardy
Last active May 14, 2017 14:42
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save rubenwardy/12c49e1d18b1d97a2378851b03a7599e to your computer and use it in GitHub Desktop.
Draft forum announcement
# Serious vulnerabilty in WorldEdit GUI: Server owners advised to update
Servers are advised to update their worldedit mods in order to
[url=https://github.com/Uberi/Minetest-WorldEdit/commit/0ce45a5900a7ae3ff952a9988df73c0a578f09ea]patch[url]
a remote code execution vulnerability.
Before this patch, any player could run arbitrary Lua code. This allowed them to do anything a mod can do -
such as granting privs, changing settings, or shutting down the server.
If mod security is disabled, they would be able to run terminal commands and gain access to the user on the
server running Minetest.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment