CVE-2024-41565

Published: Aug 28, 2024Modified: Mar 19, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI for Minecraft, which allows in-game item duplication.

Affected (4)

Products: Mezz: Justenoughitems

Mezz

1 product

Justenoughitems

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mezz Justenoughitems	Before 11.6.0.1021
Mezz Justenoughitems	From 12.0.0 to 13.1.0.18
Mezz Justenoughitems	From 14.0.0 to 15.8.0.11
Mezz Justenoughitems	From 16.0.0 to 19.5.0.34

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://gist.github.com/apple502j/05123abb1d1c89c31afde15a9b34e2ae

Source: cve@mitre.org

Third Party Advisory

https://github.com/mezz/JustEnoughItems/commit/99ff43ba1009c44c6d935e2ab8a6c9292bb12873

Source: cve@mitre.org

Patch

Timeline

No history available yet.