This is a summary of the AI-generated 10-question deep analysis.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: Luanti < 5.15.2 suffers from a **Lua Sandbox Escape** via LuaJIT.…
**Affected**: **Luanti** (the open-source voxel game engine). **Versions**: All versions **prior to 5.15.2**. If you are running an older build, you are vulnerable.
Q4: What can hackers do? (Privileges/Data)
**Attacker Actions**: Gain **Host-Level Access**. **Data**: Exfiltrate sensitive files. **Privileges**: Execute arbitrary commands on the host machine.…
**Threshold**: **Low**. **Auth**: **None required** (PR:N). **UI**: **None required** (UI:N). **Access**: Local (AV:L). If a user runs a malicious mod, exploitation is straightforward.
Q6: Is there a public Exp? (PoC/Wild Exploitation)
**Public Exploit**: **No PoC available** in the provided data. **References**: Official GitHub commits and GHSA advisory exist, but no public exploit code is listed.
Q7: How to self-check? (Features/Scanning)
**Self-Check**: Verify your **Luanti version number**. **Action**: If version < 5.15.2, you are at risk. **Scan**: Look for custom mods that interact deeply with LuaJIT internals.
**No Patch Workaround**: **Disable Modding**. Do not load untrusted mods. Isolate the game environment if possible. Since it requires local execution, restrict who can run the game client.
Q10: Is it urgent? (Priority Suggestion)
**Urgency**: **HIGH**. **Priority**: Patch immediately. With **CVSS 9.0+** potential (S:C, C:H, I:H, A:H), the impact is catastrophic. Even without public exploits, the risk of local privilege escalation is severe.