WorldEdit


//line command vulnerability

fadfhkdfga opened this issue · 1 comments

commented

WorldEdit Version

7.2.16

Platform Version

paper 1.20.1

Confirmations

  • I am using the most recent Minecraft release.
  • I am using a version of WorldEdit compatible with my Minecraft version.
  • I am using the latest or recommended version of my platform software.
  • I am NOT using a hybrid server, e.g. a server that combines Bukkit and Forge. Examples include Arclight, Mohist, and Cardboard.
  • I am NOT using a fork of WorldEdit, such as FastAsyncWorldEdit (FAWE) or AsyncWorldEdit (AWE)

Bug Description

[19:57:51] [Server thread/INFO]: Anonymous issued server command: //limit 1000
[20:00:30] [Server thread/INFO]: Anonymous issued server command: //line gold_block 1 :)
[20:00:31] [Server thread/INFO]: Anonymous issued server command: //line gold_block 2 :)
[20:00:33] [Server thread/INFO]: Anonymous issued server command: //line gold_block 10 :|
[20:00:36] [Server thread/INFO]: Anonymous issued server command: //line gold_block 100 :(
[20:00:46] [Paper Watchdog Thread/ERROR]: --- DO NOT REPORT THIS TO PAPER - THIS IS NOT A BUG OR A CRASH - git-Paper-196 (MC: 1.20.1) ---
[20:00:46] [Paper Watchdog Thread/ERROR]: The server has not responded for 10 seconds! Creating thread dump
[20:00:46] [Paper Watchdog Thread/ERROR]: ------------------------------
[20:00:46] [Paper Watchdog Thread/ERROR]: Server thread dump (Look for plugins here before reporting to Paper!):
[20:00:46] [Paper Watchdog Thread/ERROR]: ------------------------------
[20:00:46] [Paper Watchdog Thread/ERROR]: Current Thread: Server thread
[20:00:46] [Paper Watchdog Thread/ERROR]: PID: 42 | Suspended: false | Native: false | State: RUNNABLE
[20:00:46] [Paper Watchdog Thread/ERROR]: Stack:
[20:00:46] [Paper Watchdog Thread/ERROR]: [email protected]/java.util.HashMap$TreeNode.putTreeVal(HashMap.java:2168)
[20:00:46] [Paper Watchdog Thread/ERROR]: [email protected]/java.util.HashMap.putVal(HashMap.java:636)
[20:00:46] [Paper Watchdog Thread/ERROR]: [email protected]/java.util.HashMap.put(HashMap.java:610)
[20:00:46] [Paper Watchdog Thread/ERROR]: [email protected]/java.util.HashSet.add(HashSet.java:221)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.EditSession.getBallooned(EditSession.java:2599)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.EditSession.drawLine(EditSession.java:2524)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.command.RegionCommands.line(RegionCommands.java:149)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.command.RegionCommandsRegistration.cmd$_line(RegionCommandsRegistration.java:422)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.command.RegionCommandsRegistration$$Lambda$6571/0x000002d0c8eeea70.run(Unknown Source)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//org.enginehub.piston.CommandManager.execute(CommandManager.java:157)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.extension.platform.PlatformCommandManager.handleCommand(PlatformCommandManager.java:497)
[20:00:46] [Paper Watchdog Thread/ERROR]: [email protected]/java.lang.invoke.LambdaForm$DMH/0x000002d0c8009400.invokeSpecial(LambdaForm$DMH)
[20:00:46] [Paper Watchdog Thread/ERROR]: [email protected]/java.lang.invoke.LambdaForm$MH/0x000002d0c8ea4000.invoke(LambdaForm$MH)
[20:00:46] [Paper Watchdog Thread/ERROR]: [email protected]/java.lang.invoke.LambdaForm$MH/0x000002d0c94e0400.invokeExact_MT(LambdaForm$MH)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.util.eventbus.MethodHandleEventHandler.dispatch(MethodHandleEventHandler.java:51)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.util.eventbus.EventHandler.handleEvent(EventHandler.java:73)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.util.eventbus.EventBus.dispatch(EventBus.java:193)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.util.eventbus.EventBus.post(EventBus.java:181)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.bukkit.WorldEditPlugin.onCommand(WorldEditPlugin.java:390)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.bukkit.util.DynamicPluginCommand.execute(DynamicPluginCommand.java:55)
[20:00:46] [Paper Watchdog Thread/ERROR]: org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:155)
[20:00:46] [Paper Watchdog Thread/ERROR]: org.bukkit.craftbukkit.v1_20_R1.CraftServer.dispatchCommand(CraftServer.java:987)
[20:00:46] [Paper Watchdog Thread/ERROR]: org.bukkit.craftbukkit.v1_20_R1.command.BukkitCommandWrapper.run(BukkitCommandWrapper.java:64)
[20:00:46] [Paper Watchdog Thread/ERROR]: com.mojang.brigadier.CommandDispatcher.execute(CommandDispatcher.java:265)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.commands.Commands.performCommand(Commands.java:324)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.commands.Commands.performCommand(Commands.java:308)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.network.ServerGamePacketListenerImpl.performChatCommand(ServerGamePacketListenerImpl.java:2354)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.network.ServerGamePacketListenerImpl.lambda$handleChatCommand$21(ServerGamePacketListenerImpl.java:2314)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.network.PlayerConnection$$Lambda$9940/0x000002d0c9c4a470.run(Unknown Source)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.util.thread.BlockableEventLoop.lambda$submitAsync$0(BlockableEventLoop.java:59)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.util.thread.IAsyncTaskHandler$$Lambda$9941/0x000002d0c9c4a690.get(Unknown Source)
[20:00:46] [Paper Watchdog Thread/ERROR]: [email protected]/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.TickTask.run(TickTask.java:18)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.util.thread.BlockableEventLoop.doRunTask(BlockableEventLoop.java:153)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.util.thread.ReentrantBlockableEventLoop.doRunTask(ReentrantBlockableEventLoop.java:24)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.MinecraftServer.doRunTask(MinecraftServer.java:1338)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.MinecraftServer.d(MinecraftServer.java:197)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.util.thread.BlockableEventLoop.pollTask(BlockableEventLoop.java:126)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.MinecraftServer.pollTaskInternal(MinecraftServer.java:1315)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.MinecraftServer.pollTask(MinecraftServer.java:1308)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.util.thread.BlockableEventLoop.managedBlock(BlockableEventLoop.java:136)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.MinecraftServer.waitUntilNextTick(MinecraftServer.java:1286)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.MinecraftServer.runServer(MinecraftServer.java:1174)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.MinecraftServer.lambda$spin$0(MinecraftServer.java:317)
[20:00:46] [Paper Watchdog Thread/ERROR]: net.minecraft.server.MinecraftServer$$Lambda$4756/0x000002d0c8a54c30.run(Unknown Source)
[20:00:46] [Paper Watchdog Thread/ERROR]: [email protected]/java.lang.Thread.run(Thread.java:833)

Expected Behavior

.

Reproduction Steps

  1. //limit restricts the maximum block generation count.
  2. Use the //line anyblock command with a number greater than or equal to 100.
  3. You can potentially crash the server at any time.

Anything Else?

No response
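
Added example, not part of the original report and not WorldEdit or Paper code: a Python triage function that pairs each Paper watchdog dump in a server log with the last command issued before it and the first plugin frame on the stalled server thread. The sample log is an excerpt constructed from lines of the log above; the function name and result field names are illustrative assumptions.

```python
import re

# Constructed excerpt: lines copied from the log in the report above, trimmed.
SAMPLE_LOG = """\
[20:00:33] [Server thread/INFO]: Anonymous issued server command: //line gold_block 10 :|
[20:00:36] [Server thread/INFO]: Anonymous issued server command: //line gold_block 100 :(
[20:00:46] [Paper Watchdog Thread/ERROR]: The server has not responded for 10 seconds! Creating thread dump
[20:00:46] [Paper Watchdog Thread/ERROR]: Current Thread: Server thread
[20:00:46] [Paper Watchdog Thread/ERROR]: Stack:
[20:00:46] [Paper Watchdog Thread/ERROR]: [email protected]/java.util.HashSet.add(HashSet.java:221)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.EditSession.getBallooned(EditSession.java:2599)
[20:00:46] [Paper Watchdog Thread/ERROR]: worldedit-bukkit-7.2.16.jar//com.sk89q.worldedit.EditSession.drawLine(EditSession.java:2524)
[20:00:46] [Paper Watchdog Thread/ERROR]: org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:155)
"""

LINE = re.compile(r"^\[(\d\d:\d\d:\d\d)\] \[([^\]]+)\]: (.*)$")
COMMAND = re.compile(r"^(\S+) issued server command: (.*)$")
PLUGIN_FRAME = re.compile(r"^(\S+\.jar)//([\w.$]+)\(([^)]*)\)$")

def triage(log_text):
    """Return one finding per watchdog dump: last command and first plugin frame."""
    findings, last_cmd, current = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, source, msg = m.groups()
        if source.startswith("Paper Watchdog Thread"):
            if "has not responded for" in msg:
                current = {"hang_at": ts, "last_command": last_cmd, "plugin_frame": None}
                findings.append(current)
            elif current and current["plugin_frame"] is None:
                f = PLUGIN_FRAME.match(msg)  # topmost frame that comes from a plugin jar
                if f:
                    current["plugin_frame"] = {"jar": f.group(1), "method": f.group(2), "at": f.group(3)}
            continue
        current = None  # any non-watchdog line ends the current dump
        c = COMMAND.match(msg)
        if c:
            last_cmd = {"time": ts, "user": c.group(1), "command": c.group(2)}
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
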

commented

Please see https://github.com/EngineHub/WorldEdit/security/policy. We do not consider this a vulnerability.