Ticket #45299

Vulnerability with crafted modpack URL

오픈 날짜: 2022-08-05 06:22 마지막 업데이트: 2022-08-05 07:17

Reporter:
소유자:
Type:
Status:
Closed
Component:
MileStone:
Priority:
5 - Medium
Severity:
5 - Medium
Resolution:
Fixed
File:
2

Details

Included Modpack Installer utility in freeciv versions < 2.6.7, and < 3.0.3 in freeciv-3.0 series, has a vulnerability in how it handles modpack URLs. Bad things can happen if an attacker can persuade user to enter their specifically crafted URL to the modpack installer.

This vulnerability has been fixed in freeciv-2.6.7 and freeciv-3.0.3.

Also a patch applicable for some of the earlier releases is attached.

Ticket History (3/4 Histories)

2022-08-05 06:22 Updated by: cazfi
  • New Ticket "Vulnerability (placeholder ticket)" created
2022-08-05 07:17 Updated by: cazfi
  • Status Update from Open to Closed
  • Resolution Update from None to Fixed
  • Component Update from (None) to Modpack Installer
  • Details Updated
  • Summary Updated

Edit

Please login to add comment to this ticket » Login