{"id":"UBUNTU-CVE-2022-24300","details":"Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.","modified":"2025-10-24T04:53:29Z","published":"2022-02-02T06:15:00Z","upstream":["CVE-2022-24300"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-24300"},{"type":"REPORT","url":"https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf"},{"type":"REPORT","url":"https://github.com/minetest/minetest/security/advisories/GHSA-7q63-4fq2-hqcr"},{"type":"REPORT","url":"https://github.com/minetest/minetest/commit/8d6a0b917ce1e7f4f1017835af0ca76e79c98c38"},{"type":"REPORT","url":"https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae"},{"type":"REPORT","url":"https://bugs.debian.org/1004223"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-24300"}],"affected":[{"package":{"name":"minetest","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/minetest@0.4.13+repack-1build1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.4.12+repack-2ubuntu1","0.4.13+repack-1","0.4.13+repack-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.4.13+repack-1build1","binary_name":"minetest"},{"binary_version":"0.4.13+repack-1build1","binary_name":"minetest-data"},{"binary_version":"0.4.13+repack-1build1","binary_name":"minetest-server"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-24300.json"}},{"package":{"name":"minetest","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/minetest@0.4.16+repack-4?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.4.16+repack-3","0.4.16+repack-4"],"ecosystem_specific":{"binaries":[{"binary_version":"0.4.16+repack-4","binary_name":"minetest"},{"binary_version":"0.4.16+repack-4","binary_name":"minetest-data"},{"binary_version":"0.4.16+repack-4","binary_name":"minetest-server"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-24300.json"}},{"package":{"name":"minetest","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/minetest@5.1.1+repack-1build1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.0.1+repack-2","5.1.0+repack-1","5.1.1+repack-1","5.1.1+repack-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.1.1+repack-1build1","binary_name":"minetest"},{"binary_version":"5.1.1+repack-1build1","binary_name":"minetest-data"},{"binary_version":"5.1.1+repack-1build1","binary_name":"minetest-server"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-24300.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}