GMS-2022-458: Improperly checked metadata on tools/armour itemstacks received from the client
Due to a workaround applied in 1.13, an attacker may send a negative damage/meta value in a tool or armour item’s NBT, which TypeConverter then blindly uses as if it were valid, without checking it.
When this invalid metadata value reaches Durable->setDamage(), an exception is thrown because the metadata is not within the expected range for damage values.
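A minimal model of this failure and of a range check applied where client data is converted, as an added example that is not the affected project's code. `DurableItem`, `BadItemDataException`, `convertUnchecked`, `convertChecked`, the `Damage` key and the maximum of 250 are hypothetical stand-ins, and the check also rejects values above the maximum, which the advisory does not discuss.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a durable item; setDamage() enforces the valid range.
final class DurableItem {
    private int $damage = 0;

    public function __construct(private int $maxDurability) {}

    public function getMaxDurability(): int { return $this->maxDurability; }

    public function setDamage(int $damage): void {
        if ($damage < 0 || $damage > $this->maxDurability) {
            throw new InvalidArgumentException("Damage must be in range 0-{$this->maxDurability}");
        }
        $this->damage = $damage;
    }
}

// Hypothetical error type for data rejected while decoding client input.
final class BadItemDataException extends RuntimeException {}

// Unchecked conversion: the client's value goes straight to setDamage().
function convertUnchecked(DurableItem $item, array $clientNbt): void {
    $item->setDamage((int) ($clientNbt['Damage'] ?? 0));
}

// Checked conversion: validate type and range where the data enters the server.
function convertChecked(DurableItem $item, array $clientNbt): void {
    $raw = $clientNbt['Damage'] ?? 0;
    if (!is_int($raw) || $raw < 0 || $raw > $item->getMaxDurability()) {
        throw new BadItemDataException('Invalid damage value in client item NBT');
    }
    $item->setDamage($raw);
}

// Constructed sample inputs: one valid value, one negative, one above the maximum.
foreach ([['Damage' => 12], ['Damage' => -1], ['Damage' => 9999]] as $nbt) {
    foreach (['convertUnchecked', 'convertChecked'] as $fn) {
        try {
            $fn(new DurableItem(250), $nbt);
            $result = 'accepted';
        } catch (Throwable $e) {
            $result = get_class($e);
        }
        echo "{$fn}({$nbt['Damage']}): {$result}\n";
    }
}
```

With the check in place, the out-of-range value is reported as bad client input by the conversion step instead of surfacing as an `InvalidArgumentException` from item logic.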