(solved) Critical security bug in WG 1.13

Discussion in 'Server & Community Management' started by Lambsauce, Jul 31, 2018.

Thread Status:
Not open for further replies.
  1. Lambsauce

    Supporter

    Edit: Has been solved long time ago.

    Hello there,

    I have discovered a serious bug with WG builds at http://builds.enginehub.org/job/worldedit?branch=string-ids.
    I have tried the latest build #3797 (edit build #1723) and replicated the bug on several servers.

    People with malicious intent can completely destroy servers with this bug. I will therefore not explain the bug publicly. I am not sure how to contact the developers, please help me with this so they can fix this ASAP.

    I would advise not using WG 1.13 builds while this bug has not been fixed yet.

    I thought this would be reasonable to share as it is quite an essential plugin and I've seen many 1.13 production servers vulnerable to this bug.
     
    #1 Lambsauce, Jul 31, 2018
    Last edited: Oct 28, 2018
  2. cindy_k

    IRC Staff Wiki Team Patron

  3. Smart thinking to not share the exploit details. Many people actually make this mistake by completely sharing any exploit details straight on the public, which makes things only worse. You should get in touch with the WG developer and get it fixed asap and privately.
     
  4. Well, they are development builds for a reason and should not be used on a public server. They probably have loads of bugs right now :p
     
    • Agree Agree x 2
Thread Status:
Not open for further replies.