Insecure Randomness Affecting de.gurkenlabs:litiengine Open this link in a new tab package, versions [0,0.5.1)

Attack Complexity

Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-DEGURKENLABS-1050177
published

17 Feb 2021
disclosed

9 Dec 2020
credit

Gamebuster19901

Report a new vulnerability Found a mistake?

Introduced: 9 Dec 2020

CWE-331 Open this link in a new tab

How to fix?

Upgrade de.gurkenlabs:litiengine to version 0.5.1 or higher.

Overview

de.gurkenlabs:litiengine is a pure 2D free java game engine. Written in plain Java 8 it provides all the infrastructure to create a 2D tile based java game, be it a platformer or a top-down adventure.

Affected versions of this package are vulnerable to Insecure Randomness. The client IDs in ClientConnection are sequential. This easily allows an attacker to spoof another player's ID.

Insecure Randomness Affecting de.gurkenlabs:litiengine Open this link in a new tab package, versions [0,0.5.1)

Attack Complexity

snyk-id

published

disclosed

credit

Introduced: 9 Dec 2020

How to fix?

Overview

References