Vulnerability Description
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Regionprotect Project | Regionprotect | < 1.1.0 |
Related Weaknesses (CWE)
References
- https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eabPatchThird Party Advisory
- https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2rPatchThird Party Advisory
- https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eabPatchThird Party Advisory
- https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2rPatchThird Party Advisory
FAQ
What is CVE-2022-29215?
CVE-2022-29215 is a vulnerability with a CVSS score of 7.5 (HIGH). RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server cr...
How severe is CVE-2022-29215?
CVE-2022-29215 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-29215?
Check the references section above for vendor advisories and patch information. Affected products include: Regionprotect Project Regionprotect.