PT-2023-25384 · Unknown · Fastasyncworldedit

Supermonis · Published 2023-06-22 · Updated 2023-07-03 · CVE-2023-35925

CVSS v3.1: 6.2 Medium

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

FastAsyncWorldEdit versions prior to 2.6.3

Description

This issue enables an attacker to select a region with the Infinity keyword and execute any operation, potentially bringing the server down. The attacker can exploit this by selecting a position with the Infinity keyword via commands like //pos2 Infinity and then executing further operations.

Recommendations

For versions prior to 2.6.3, update FastAsyncWorldEdit to version 2.6.3 as soon as possible to address the vulnerability. As a temporary workaround, consider restricting the use of the Infinity keyword in position selection commands until the update is applied. Additionally, users with access to server logs can try to identify possible abuses of this issue by searching for the regex query //pos[12] Infinity in the logs.
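The log search recommended above can be run as a small script that also groups hits by player. This is an added example, not code from the advisory or the FastAsyncWorldEdit project; the log line layout (`<player> issued server command: <command>`), the case-insensitive match, and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed Bukkit/Paper-style command log line:
#   [HH:MM:SS] [thread/LEVEL]: <player> issued server command: <command>
LINE_RE = re.compile(
    r"^\[(?P<time>[\d:]+)\] \[[^\]]*\]: "
    r"(?P<player>\S+) issued server command: (?P<cmd>.+)$"
)

# The advisory's regex (//pos[12] Infinity), anchored to the start of the
# command. Assumption: tolerate extra spaces and letter case so that
# near-variants are surfaced for review as well.
ABUSE_RE = re.compile(r"^//pos[12]\s+Infinity\b", re.IGNORECASE)


def find_infinity_selections(lines):
    """Return {player: [(time, command), ...]} for matching command lines."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        # Only executed commands count; chat text that merely mentions
        # the command does not match LINE_RE and is skipped.
        if m and ABUSE_RE.match(m.group("cmd")):
            hits[m.group("player")].append((m.group("time"), m.group("cmd")))
    return dict(hits)


# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
[18:02:11] [Server thread/INFO]: alice issued server command: //pos1 10,64,10
[18:02:15] [Server thread/INFO]: mallory issued server command: //pos1 0,0,0
[18:02:19] [Server thread/INFO]: mallory issued server command: //pos2 Infinity
[18:03:40] [Server thread/INFO]: <bob> try //pos2 Infinity lol
[18:04:02] [Server thread/INFO]: carol issued server command: //pos1  infinity
""".splitlines()

if __name__ == "__main__":
    for player, events in find_infinity_selections(SAMPLE_LOG).items():
        for when, cmd in events:
            print(f"{when} {player}: {cmd}")
```

To scan a real log, pass an open file object (for example `open("logs/latest.log", encoding="utf-8")`, a hypothetical path) instead of `SAMPLE_LOG`.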

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2023-35925
GHSA-WHJ9-M24X-QHHP

Affected Products

Fastasyncworldedit