Vulnerabilities: Difference between revisions
Document CWE-1284 bug with custom chat metadata from January 13, 2025 |
There are no recorded instances of this exploit being deployed offensively before the patch, but feel free to correct this if there's proof |
||
| Line 95: | Line 95: | ||
'''Commit(s):''' <nowiki>https://github.com/system2k/NodeWorldOfText/commit/8070c780476c5ecfa257f46743f7b09bc49073ef</nowiki> | '''Commit(s):''' <nowiki>https://github.com/system2k/NodeWorldOfText/commit/8070c780476c5ecfa257f46743f7b09bc49073ef</nowiki> | ||
'''Actively exploited at its time:''' | '''Actively exploited at its time:''' No | ||
'''Patched:''' Yes | '''Patched:''' Yes | ||
'''Discoverer(s):''' ITAC85v2 | '''Discoverer(s):''' ITAC85v2 | ||
Latest revision as of 17:18, 3 February 2025
This page documents all vulnerabilities that have been present in Our World of Text. Design flaws will not be included. By definition, a vulnerability is a bug that a person can take advantage of to manipulate the server or a user's data in unauthorized ways.
April 12, 2018
Type: Unauthorized data manipulation
Description: With a few specially crafted edits, the content of a tile can get corrupted, affecting precisely-protected cells as well.
Commit(s): https://github.com/system2k/NodeWorldOfText/commit/edd89084e5cdb80d49af1239bf796506dadc3aea
Actively exploited at its time: Yes
Patched: Yes
Discoverer(s): Unknown, FP
September 23, 2021
Type: Crash exploit
Description: Sending a cursor message on a world with guest cursors disabled and then disconnecting the client would crash the server. Can be used to take down server for any amount of time.
Actively exploited at its time: No
Patched: Yes
Discoverer(s): FP
November 20, 2021
Type: Unauthorized in-memory representation manipulation
Description: Upon removing a member from your world, all of the member's connected clients will be temporarily demoted regardless of their world until they refresh. Caused by not checking the world the client is located in before unmarking user as member in memory.
Actively exploited at its time: No
Patched: Yes
Discoverer(s): FP
June 11, 2022
Type: Crash exploit
Description: A write to a tile containing an empty "link" object within the cell_props can crash the server. Can be used to take down server for any amount of time.
Commit(s): https://github.com/system2k/NodeWorldOfText/commit/d021af26bb8363fcf9ec73539cd05208b6f5ed3d
Actively exploited at its time: No
Patched: Yes
Discoverer(s): FP
February 27, 2023
Type: Data infiltration
Description: A user can insert arrays of unlimited lengths into the color array of a tile. Can be used to corrupt tile color data, take server down
Commit(s): https://github.com/system2k/NodeWorldOfText/commit/292df686812af8cb3d99bada2c3ded3f4b3d8850
Actively exploited at its time: No
Patched: Yes
Discoverer(s): FP
June 2, 2024
Type: Rate limit issue
Description: A user can send up to 512 chat messages per second on the Global channel.
Commit(s): https://github.com/system2k/NodeWorldOfText/commit/dd4b385b762dc9f6033ddcab788ce4e1a2103b77
Actively exploited at its time: Yes
Patched: Yes
Discoverer(s): Maroon, FP, KKosty4ka
June 17, 2024
Type: Crash exploit
Description: A crash exploit in the "ws" library affected OWOT.
Commit(s): https://github.com/system2k/NodeWorldOfText/commit/00ebd4202924dc660dab22ffd41f5c45f39da446
Actively exploited at its time: No
Patched: Yes
Discoverer(s): KKosty4ka
January 13, 2025
Type: Bad length validation (CWE-1284)
Description: Due to a typo, string values in a custom chat metadata object were not properly validated. Can be used to take down or saturate the server with extremely large payloads. (CAPEC-231)
Commit(s): https://github.com/system2k/NodeWorldOfText/commit/8070c780476c5ecfa257f46743f7b09bc49073ef
Actively exploited at its time: No
Patched: Yes
Discoverer(s): ITAC85v2