Denial of service attack (DoS) using mv command
denisdnu opened this issue · 3 comments
Information
- Server version: This server is running Purpur version git-Purpur-1383 (MC: 1.17.1) (Implementing API version 1.17.1-R0.1-SNAPSHOT) (Git: 6856a5d on ver/1.17.1)
- Full output of /mv version -p: https://paste.gg/p/anonymous/6ea470ec69c04180a81883ad5773935f
- Server log: REDACTED
Details
I was able to reproduce my issue on a freshly set up and up-to-date server with the latest version of Multiverse plugins, with no other plugins and with no other server or client mods of any kind.
Description
A Spigot server can be crashed or overloaded with a specific mv command and without any specific permissions.
Steps to reproduce
Execute the command:
mv __REDACTED__
Expected behavior
The server does not crash or experience load growth.
Screenshots
Can you test with the latest snapshot? Download it from http://ci.onarandombox.com/view/Multiverse/job/Multiverse-Core/
I fixed some issues with regex recently that may not have made it to release yet. Namely this commit: 9ce2dfd
Not reproduced.
Now it says:
Sorry... No commands matched your filter: __REDACTED__
The server didn't crash or become overloaded.