| Title |
Severity |
Exploit |
Date |
Affected Version |
|
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses
|
Medium
|
|
Jan 10, 2023
|
< 4.12.5
|
|
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash
|
High
|
|
Jan 9, 2023
|
< 4.8.1
|
|
PocketMine-MP invalid skin geometry JSON data leading to server crash
|
High
|
|
Aug 18, 2022
|
< 4.7.2
|
|
Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP
|
High
|
|
Jun 7, 2022
|
>= 4.0.0-BETA5 < 4.4.2
|
|
Denial-of-service vulnerability processing large chat messages containing many newlines
|
Medium
|
|
May 25, 2022
|
< 4.2.10
|
|
Insufficient type validation in pocketmine/pocketmine-mp
|
High
|
|
Apr 22, 2022
|
< 4.2.9
|
|
Improperly checked metadata on tools/armour itemstacks received from the client
|
High
|
|
Mar 18, 2022
|
< 4.2.4
|
|
NaN/INF in serverbound movement packets can crash clients and servers
|
High
|
|
Mar 18, 2022
|
< 3.18.1
|
|
Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP
|
Medium
|
|
Jan 21, 2022
|
>= 3.0.0 < 4.0.0
|
|
Unhandled exception when decoding form response JSON
|
High
|
|
Jan 21, 2022
|
>= 4.0.0 < 4.0.7
|
pocketmine / pocketmine-mp