Multiverse-Core

Regex Catastrophic Backtracking

MarioFinale opened this issue · 1 comment

commented

Information

Details

Multiverse core crashes the server if any player issues the command /mv <removed>.

Description
Regex abuse (Catastrophic Backtracking).

Steps to reproduce
Type /mv <removed> as any player, regardless of permissions.

Expected behavior
Deny access to the command

This has been actively abused on multiple servers.
As a temporary workaround, I recommend checking permissions before parsing the command so it can be limited only to players with permissions.
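
The ordering the workaround above describes, as an added example (not Multiverse-Core's code and not the reporter's): authorize the sender before any regex touches the input. It goes one step beyond the workaround by also bounding input length and match time for permitted senders. The `Sender` interface, permission node, limits and pattern are all hypothetical.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example; every name here is hypothetical, none is Multiverse-Core code.
public class GatedCommandDispatcher {

    /** Stand-in for a server's command sender (assumption). */
    interface Sender { boolean hasPermission(String node); }

    static final class RegexBudgetExceeded extends RuntimeException {}

    /** CharSequence view that aborts matching once the deadline has passed. */
    static final class DeadlineText implements CharSequence {
        private final CharSequence inner;
        private final long deadline; // a System.nanoTime() value
        DeadlineText(CharSequence inner, long deadline) { this.inner = inner; this.deadline = deadline; }
        @Override public char charAt(int i) {
            // The regex engine reads input through charAt, so backtracking ends up here.
            if (System.nanoTime() - deadline > 0) throw new RegexBudgetExceeded();
            return inner.charAt(i);
        }
        @Override public int length() { return inner.length(); }
        @Override public CharSequence subSequence(int s, int e) {
            return new DeadlineText(inner.subSequence(s, e), deadline);
        }
        @Override public String toString() { return inner.toString(); }
    }

    static final String PERMISSION = "example.command.use"; // constructed node
    static final int MAX_LENGTH = 256;                       // constructed limit
    static final long BUDGET_NANOS = 50_000_000L;            // 50 ms, constructed
    // Constructed sub-command grammar, not the plugin's pattern.
    static final Pattern SUBCOMMAND = Pattern.compile("(?<name>[a-z]{1,16})(?: (?<args>.*))?");

    static String dispatch(Sender sender, String raw) {
        // 1. Authorize before any parsing: unprivileged input never reaches the regex.
        if (!sender.hasPermission(PERMISSION)) return "DENIED";
        // 2. Permitted senders still get bounded input and a bounded match time.
        if (raw.length() > MAX_LENGTH) return "REJECTED_TOO_LONG";
        try {
            Matcher m = SUBCOMMAND.matcher(new DeadlineText(raw, System.nanoTime() + BUDGET_NANOS));
            return m.matches() ? "RUN " + m.group("name") : "UNKNOWN";
        } catch (RegexBudgetExceeded e) {
            return "REJECTED_TIMEOUT";
        }
    }

    public static void main(String[] args) {
        Sender guest = node -> false, admin = node -> true;
        System.out.println(dispatch(guest, "list"));
        System.out.println(dispatch(admin, "list"));
    }
}
```

The permission gate only narrows who can reach the parser; the length cap and time budget are what keep a permitted sender from stalling the server thread.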

commented

Duplicate of #2703. Update your multiverse plugin.