| Title |
Severity |
Exploit |
Date |
Affected Version |
|
PocketMine-MP invalid skin geometry JSON data leading to server crash
|
High
|
|
Aug 18, 2022
|
< 4.7.2
|
|
Denial-of-service vulnerability processing large chat messages containing many newlines
|
Medium
|
|
May 25, 2022
|
< 4.2.10
|
|
Insufficient type validation in pocketmine/pocketmine-mp
|
High
|
|
Apr 22, 2022
|
< 4.2.9
|
|
Improperly checked metadata on tools/armour itemstacks received from the client
|
High
|
|
Mar 18, 2022
|
< 4.2.4
|
|
NaN/INF in serverbound movement packets can crash clients and servers
|
High
|
|
Mar 18, 2022
|
< 3.18.1
|
|
Unchecked validity of Facing values in PlayerActionPacket
|
High
|
|
Jan 13, 2022
|
< 4.0.6
|
|
Uncapped length of skin data fields submitted by players
|
High
|
|
Jan 6, 2022
|
< 3.26.5
>= 4.0.0 < 4.0.5
|
|
Book page text, count, and author/title length is not limited in PocketMine-MP
|
Medium
|
|
Jan 6, 2022
|
< 3.26.5
>= 4.0.0 < 4.0.5
|
|
Inability to de-op players if listed in ops.txt with non-lowercase letters
|
Low
|
|
Dec 16, 2021
|
< 4.0.3
|
|
Exploitable inventory component chaining in PocketMine-MP
|
High
|
|
Nov 11, 2020
|
< 3.15.4
|
pocketmine / pocketmine-mp