Exploit with calio:share_item

apace100 / calio

Calio is a simple library mod for Minecraft Fabric, its main feature being the serializable data system.

MIT License

6 stars 19 forks source link

Exploit with calio:share_item #1

Closed EdwinMindcraft closed 3 years ago

EdwinMindcraft commented 3 years ago

The way share_item is serialized make it easy to hijack with another mod to grant access to a version of the tellraw command. The simplest way to fix this is to transmit the stack instead of the component. Doing so will make sure that clients without operator privileges won't have access to those features.

apace100 commented 3 years ago

Thanks! Will fix this ASAP.

apace100 commented 3 years ago

Fixed in https://github.com/apace100/calio/commit/9b7322344f9ff24c0fdf91b157540b0a2e4af031