Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Argument Injection in RegionProtect
Vulnerability Description
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
参数注入或修改
Vulnerability Title
RegionProtect 参数注入漏洞
Vulnerability Description
RegionProtect是一个插件。 RegionProtect 1.1.0之前版本存在安全漏洞,该漏洞源于应用存在YAML注入问题。攻击者通过传递不匹配的参数利用该漏洞实现拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A