Arbitrary Code Execution via Lua Bytecode in Dungeon Crawl Stone Soup (DCSS) 0.25 and earlier

CVE-2020-11722 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.
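
A defensive check for the upload path described above, added here as an example and not code from the DCSS project: it scans an uploaded rc file for the `\x1bLua` signature that begins every precompiled Lua chunk and decodes the version and format bytes that follow. The function names, the sample inputs and the text-only acceptance policy are assumptions made for illustration.

```python
import struct
from typing import List, NamedTuple

LUA_SIGNATURE = b"\x1bLua"  # first four bytes of every precompiled Lua chunk

# Constructed samples (not a real rc file, and only a bare header, no chunk body).
CLEAN_RC = b"# constructed sample rc\nsome_option = true\n"
TAINTED_RC = CLEAN_RC + b"\x1bLua\x51\x00\x01\x04\x08\x04\x08\x00"


class ChunkHit(NamedTuple):
    offset: int            # byte offset of the signature in the upload
    version: str           # e.g. "5.1", from the byte after the signature
    official_format: bool  # format byte 0 means stock luac output


def find_lua_bytecode(data: bytes) -> List[ChunkHit]:
    """Return every position where a Lua bytecode header starts."""
    hits = []
    pos = data.find(LUA_SIGNATURE)
    while pos != -1:
        header = data[pos + 4:pos + 6]
        if len(header) == 2:
            ver, fmt = struct.unpack("BB", header)
            version = f"{ver >> 4}.{ver & 0x0F}"
        else:
            # Signature cut off at end of file: still report it.
            version, fmt = "unknown", -1
        hits.append(ChunkHit(pos, version, fmt == 0))
        pos = data.find(LUA_SIGNATURE, pos + 1)
    return hits


def is_safe_rc_upload(data: bytes) -> bool:
    """Assumed policy: accept only bytecode-free, valid UTF-8 text."""
    if find_lua_bytecode(data):
        return False
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    # Reject control characters other than tab, newline and carriage return.
    return not any(ord(c) < 0x20 and c not in "\t\n\r" for c in text)
```

A scan like this complements, and does not replace, running a release outside the affected range.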