Unrated severityNVD Advisory· Published Apr 18, 2025· Updated Apr 18, 2025

NamelessMC Has Lack of Length Validation for s Parameter in GET Requests

CVE-2025-29784

Description

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performance degradation and potential denial-of-service (DoS) attacks. This issue has been patched in version 2.2.0.

Affected products

Namelessmc/Namelessv5
Range: < 2.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/NamelessMC/Nameless/commit/f5341e56930a98978171e0a871d60f19ab30ebddmitrex_refsource_MISC
github.com/NamelessMC/Nameless/releases/tag/v2.2.0mitrex_refsource_MISC
github.com/NamelessMC/Nameless/security/advisories/GHSA-4hrq-rf96-c2jmmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000