PT-2022-23076 · Minetest+2

Highsfan5

Published: 2022-08-06 · Updated: 2025-02-20 · CVE-2022-35978

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Minetest versions prior to 5.6.1

Description

Minetest is a free, open-source voxel game engine. In single-player mode, a mod can set a global setting that controls which Lua script is loaded for the main menu. That script is loaded when the game session exits, and because the Lua environment is not sandboxed, it can directly interfere with the user's system. There are currently no known workarounds for this issue.

Recommendations

For versions prior to 5.6.1, update to version 5.6.1 to resolve the issue. As a temporary workaround, consider disabling mods in single-player mode until the update can be applied. Restrict access to the Lua script loaded for the main menu to minimize the risk of exploitation. Avoid using mods that could set malicious global settings for the main menu script.

Exploit

Fix

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

ALT-PU-2022-2357
ALT-PU-2022-2540
CVE-2022-35978
GHSA-663Q-PCJW-27CC
MGASA-2023-0005
OPENSUSE-SU-2023:0001-1
OPENSUSE-SU-2024:12284-1
OPENSUSE-SU-2025:14825-1

Affected Products

Alt Linux
Debian
Minetest