{"id":"CVE-2018-1999023","details":"The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appears to be exploitable via loading specially-crafted saved games, networked games, replays, and player content.","modified":"2026-04-16T06:16:22.949209336Z","published":"2018-07-23T16:29:00.273Z","related":["openSUSE-SU-2024:11509-1"],"references":[{"type":"FIX","url":"https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wesnoth/wesnoth","events":[{"introduced":"adee85e1cbd14bc71827a0d81728ccf80705d1e4"},{"last_affected":"51609d2cef4e42e067d09ebba7b0b0a30b7bce01"}],"database_specific":{"versions":[{"introduced":"1.7.0"},{"last_affected":"1.14.3"}]}}],"versions":["1.10.0","1.11.0","1.11.1","1.11.10","1.11.10-retag","1.11.11","1.11.2","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.11.8","1.11.9","1.13.0","1.13.1","1.13.10","1.13.10-retag","1.13.11","1.13.12","1.13.13","1.13.14","1.13.2","1.13.3","1.13.4","1.13.5","1.13.6","1.13.7","1.13.8","1.14.0","1.14.2","1.14.3","1.7.0","1.7.1","1.7.10","1.7.11","1.7.12","1.7.13","1.7.14","1.7.15","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.7.8","1.7.9","1.8.0","1.9.0","1.9.1","1.9.10","1.9.11","1.9.12","1.9.13","1.9.14","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7","1.9.8","1.9.9","original_master"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1999023.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}