pocketmine/pocketmine-mp
A server software for Minecraft: Bedrock Edition written in PHP
Security Advisories for pocketmine/pocketmine-mp in packagist
High
2 months ago
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
packagist
pocketmine/pocketmine-mp
Moderate
8 months ago
PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode()
packagist
pocketmine/pocketmine-mp
High
over 1 year ago
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
packagist
pocketmine/pocketmine-mp
High
over 1 year ago
PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
packagist
pocketmine/pocketmine-mp
High
about 2 years ago
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
packagist
pocketmine/pocketmine-mp
High
about 2 years ago
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey
packagist
pocketmine/pocketmine-mp
High
over 2 years ago
PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket
packagist
pocketmine/pocketmine-mp
High
over 2 years ago
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash
packagist
pocketmine/pocketmine-mp
High
over 2 years ago
PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency
packagist
pocketmine/pocketmine-mp
Moderate
over 2 years ago
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
packagist
pocketmine/pocketmine-mp
Moderate
almost 3 years ago
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses
packagist
pocketmine/pocketmine-mp
High
almost 3 years ago
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash
packagist
pocketmine/pocketmine-mp
High
about 3 years ago
PocketMine-MP invalid skin geometry JSON data leading to server crash
packagist
pocketmine/pocketmine-mp
High
over 3 years ago
Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP
packagist
pocketmine/pocketmine-mp
Moderate
over 3 years ago
Denial-of-service vulnerability processing large chat messages containing many newlines
packagist
pocketmine/pocketmine-mp
High
over 3 years ago
Insufficient type validation in pocketmine/pocketmine-mp
packagist
pocketmine/pocketmine-mp
High
over 3 years ago
Improperly checked metadata on tools/armour itemstacks received from the client
packagist
pocketmine/pocketmine-mp
High
over 3 years ago
NaN/INF in serverbound movement packets can crash clients and servers
packagist
pocketmine/pocketmine-mp
Moderate
almost 4 years ago
Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP
packagist
pocketmine/pocketmine-mp
High
almost 4 years ago
Unhandled exception when decoding form response JSON
packagist
pocketmine/pocketmine-mp
High
almost 4 years ago
Unchecked validity of Facing values in PlayerActionPacket
packagist
pocketmine/pocketmine-mp
High
almost 4 years ago
Uncapped length of skin data fields submitted by players
packagist
pocketmine/pocketmine-mp
Moderate
almost 4 years ago
Book page text, count, and author/title length is not limited in PocketMine-MP
packagist
pocketmine/pocketmine-mp
Low
almost 4 years ago
Inability to de-op players if listed in ops.txt with non-lowercase letters
packagist
pocketmine/pocketmine-mp
High
almost 5 years ago
Exploitable inventory component chaining in PocketMine-MP
packagist
pocketmine/pocketmine-mp