PT-2024-24080 · Lua+1 · Lua+2

Caeleron · Published 2024-04-16 · Updated 2024-04-17 · CVE-2024-31446

CVSS v3.1: 7.7 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenComputers versions prior to 1.8.4
GregTech: New Horizons modpack versions prior to 1.10.10-GTNH

Description

The issue allows a user to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device in the mod and can be performed by anyone who can execute Lua code on them. The problem occurs while using the native Lua library, but LuaJ does not appear to have this issue.

Recommendations

For OpenComputers versions prior to 1.8.4, update to version 1.8.4 to resolve the issue. For GregTech: New Horizons modpack versions prior to 1.10.10-GTNH, update to version 1.10.10-GTNH to apply the relevant patch. As a temporary workaround, consider restricting the execution of Lua code on devices in the mod to minimize the risk of exploitation.

Exploit

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2024-31446
GHSA-54J4-XPGJ-CQ4G

Affected Products

GregTech: New Horizons
Lua
OpenComputers