<p>Upgrade <code>pocketmine/pocketmine-mp</code> to version 5.11.1 or higher.</p>

Unchecked Return Value Affecting pocketmine/pocketmine-mp package, versions <5.11.1

Snyk CVSS

Attack Complexity Low

Availability High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-POCKETMINEPOCKETMINEMP-6411441
published 7 Mar 2024
disclosed 6 Mar 2024
credit MrDiamond64

Report a new vulnerability Found a mistake?

Introduced: 6 Mar 2024

CWE-252 Open this link in a new tab

How to fix?

Upgrade pocketmine/pocketmine-mp to version 5.11.1 or higher.

Overview

pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP

Affected versions of this package are vulnerable to Unchecked Return Value due to the processing of certain invalid JSON payloads in LoginPacket. An attacker could crash the server by sending malformed JWT JSON.

References

GitHub Commit
GitHub Commit
GitHub Issue
Vulnerable Code