PT-2023-25865 · Google+3 · Gcp+3

Jlleitschuh · Published 2023-07-07 · Updated 2023-07-18 · CVE-2023-37261

CVSS v3.1: 9.6 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: OpenComputers versions 1.2.0 through 1.8.3

Description: This issue affects OpenComputers with the Internet Card feature enabled, allowing players to gain access to sensitive information exposed via metadata services' API endpoints, such as those provided by cloud hosting providers like AWS, GCP, and Azure. The lack of proper filtering for IPv6 addresses enables broader access into the local IPv6 network, potentially allowing players to retrieve sensitive information from the private IPv4 address space and the whole IPv6 address space.

Recommendations: For OpenComputers versions 1.2.0 through 1.8.2, consider disabling the Internet Card feature completely as a temporary workaround. For OpenComputers version 1.8.3, update to the patched version for Minecraft 1.7.10 and 1.12.2. For OpenComputers versions 1.3.0 and above, use the opencomputers.internet.whitelist option to only allow connections to specified IP addresses and/or domains, or add entries to the opencomputers.internet.blacklist option to block unwanted connections.
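
As an added illustration (not OpenComputers code and not part of the advisory), the Python sketch below contrasts an IPv4-only denylist with a destination check that also covers IPv6 loopback, unique-local and link-local ranges. It goes slightly beyond the description by also unwrapping IPv4-mapped IPv6 addresses; the function names, range lists and sample addresses are assumptions constructed for this example.

```python
import ipaddress

# Assumed IPv4 denylist: loopback, RFC 1918 private space, and link-local
# (169.254.0.0/16 is where cloud metadata endpoints commonly live).
V4_DENY = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16",
)]
# Assumed IPv6 denylist: loopback, unique-local (ULA) and link-local.
V6_DENY = [ipaddress.ip_network(n) for n in (
    "::1/128", "fc00::/7", "fe80::/10",
)]


def weak_is_denied(addr: str) -> bool:
    """IPv4-only filter: any IPv6 destination passes unchecked."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return False
    return any(ip in net for net in V4_DENY)


def is_denied(addr: str) -> bool:
    """Dual-stack filter applied to the resolved destination address."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:a.b.c.d is an IPv4 destination in IPv6 notation; check it as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    nets = V4_DENY if ip.version == 4 else V6_DENY
    return any(ip in net for net in nets)


def gaps(addresses):
    """Addresses the IPv4-only filter lets through but the dual-stack one blocks."""
    return [a for a in addresses if not weak_is_denied(a) and is_denied(a)]


# Constructed sample destinations (not taken from the advisory).
SAMPLE = [
    "169.254.169.254", "10.0.0.5", "::1", "fe80::1",
    "fd12:3456:789a::1", "::ffff:169.254.169.254",
    "93.184.216.34", "2606:4700:4700::1111",
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(f"{a:26} weak={weak_is_denied(a)!s:5} hardened={is_denied(a)}")
    print("missed by IPv4-only filter:", gaps(SAMPLE))
```

A check like this belongs on the address the connection is actually made to, after name resolution, so a hostname cannot resolve to a denied range once the string has been approved.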

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-37261
GHSA-7P4W-MV69-2WM2
GHSA-VVFJ-XH7C-J2CM

Affected Products

Aws
Azure
Gcp
Minecraft