Impact
Malicious users can easily get the uuid from other users, and passing it in a specific command in the browser console changes their own uuid to the target, making both users own the same session.
Patches
Anyone hosting the game should immediately switch to version 1.1.0, which already has the fix for this vulnerability, in addition to other important fixes.
For more information
If you have any questions or comments about this advisory:
Impact
Malicious users can easily get the uuid from other users, and passing it in a specific command in the browser console changes their own uuid to the target, making both users own the same session.
Patches
Anyone hosting the game should immediately switch to version
1.1.0, which already has the fix for this vulnerability, in addition to other important fixes.For more information
If you have any questions or comments about this advisory: