Back

CVE-2024-41565

Aug. 28, 2024, 5:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

JustEnoughItems (JEI) for Minecraft

  • 19.5.0.33 and before

Source

cve@mitre.org

Tags

cve@mitre.org
2024-08-28
CVE-2024-41565

CVE-2024-41565 details

Published : Aug. 28, 2024, 5:15 p.m.
Last Modified : Aug. 28, 2024, 5:15 p.m.

Description

JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI for Minecraft, which allows in-game item duplication.

CVSS Score

1 2 3 4.3 5 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.3

Exploitability Score

2.8

Impact Score

1.4

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

URL Source
https://gist.github.com/apple502j/05123abb1d1c89c31afde15a9b34e2ae cve@mitre.org
https://github.com/mezz/JustEnoughItems/commit/99ff43ba1009c44c6d935e2ab8a6c9292bb12873 cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.