Regex Catastrophic Backtracking
MarioFinale opened this issue ยท 1 comments
Information
-
Server version: Paper version git-Paper-119 (MC: 1.17.1) (Implementing API version 1.17.1-R0.1-SNAPSHOT) (Git: f25facb)
-
Full output of
/mv version -p
: https://paste.gg/p/anonymous/2875486d61984fc58695bd9bbfd2573b -
Server log: https://paste.gg/p/anonymous/2c711e7c2d5d4ded9619db009b75599e
Details
Multiverse core crashes the server if any player issues the command /mv <removed>
.
Description
Regex abuse (Catastrophic Backtracking).
Steps to reproduce
Type /mv <removed>
as any player. Regardless of permissions.
Expected behavior
Deny access to the command
This has been actively abused on multiple servers.
As a temporary workaround I recommend checking permissions before parsing the command so can be limited only to players with permissions.
Duplicate of #2703. Update your multiverse plugin.