{"id":"CVE-2025-62783","summary":"InventoryGui affected by item duplication in GUIs which use GuiStorageElement","details":"InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.1-SNAPSHOT and earlier contain a vulnerability where any plugin using the `GuiStorageElement  can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.2-SNAPSHOT.","aliases":["GHSA-598q-jw82-5w66"],"modified":"2026-04-12T18:47:03.570724Z","published":"2025-10-27T20:54:36.254Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62783.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-837"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62783.json"},{"type":"ADVISORY","url":"https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-598q-jw82-5w66"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62783"},{"type":"REPORT","url":"https://github.com/Phoenix616/InventoryGui/issues/48"},{"type":"FIX","url":"https://github.com/Phoenix616/InventoryGui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phoenix616/inventorygui","events":[{"introduced":"0"},{"fixed":"27a52ef6d934a1c232e110e0010e4aa810c27029"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.2"}]}],"vanir_signatures":[{"deprecated":false,"target":{"function":"handleInteract","file":"src/main/java/de/themoep/inventorygui/InventoryGui.java"},"id":"CVE-2025-62783-3f261db1","signature_version":"v1","source":"https://github.com/phoenix616/inventorygui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029","digest":{"function_hash":"146346071083695590803261329308158386811","length":1614},"signature_type":"Function"},{"deprecated":false,"target":{"file":"src/main/java/de/themoep/inventorygui/InventoryGui.java"},"id":"CVE-2025-62783-7bca700a","signature_version":"v1","source":"https://github.com/phoenix616/inventorygui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029","digest":{"line_hashes":["233853074816097931183757349015369505905","220623504998945394016191106553660589019","219072779425338170956165407556706946852","75198821389244855708944150514486556043","109338749678674971985650389879441757612","183593174556638064359940359874772032548","30088607585844776654637413870820497426","118184780409789683838888783977296316879","125878624871804440806877634271113591182","10951962449558485021205136101874759271","155098970990621282141517025726507385513","50424030524134857822416189805868249399","173790849764115637188776479818699565000","145437175989248062830505543542894781235","79408169305470687276463535485752552920","261382823021608325120322495342385087256","61600816219335754760804425647142424162","125266974458771507172475581027997708156","220884027888050459794073188008898298494","148723716653639589874167383052553546748","294467035853995406047596914850291784860","10400455245022943300299493150674844624","233528977067677122501570037074933183370","291221879964320523465493115527228904100","555935330358997277156937778741421076","292772159772595502491125731344300719063","335821874880869127722236297147882594292","3765094737708976149844248796232403433","334710105601137277389513637592606446973","44730359658934169542142886782045276327","254352450942272932903182073150900430191","232132584322982313741951864236740534324","220135748856527374622987297534403329387"],"threshold":0.9},"signature_type":"Line"},{"deprecated":false,"target":{"function":"simulateCollectToCursor","file":"src/main/java/de/themoep/inventorygui/InventoryGui.java"},"id":"CVE-2025-62783-eebf5522","signature_version":"v1","source":"https://github.com/phoenix616/inventorygui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029","digest":{"function_hash":"216429781508387826202706346537626650838","length":1471},"signature_type":"Function"}],"vanir_signatures_modified":"2026-04-12T18:47:03Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62783.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"}]}