[LOW] PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn state

PKSA-t7y4-spmt-39ct GHSA-f9jp-856v-8642

Affected version: <5.39.2

Reported by:
GitHub

[MEDIUM] PocketMine-MP: Network amplification vulnerability with `ActorEventPacket`

PKSA-yw3m-b28c-y6hc GHSA-7hmv-4j2j-pp6f

Affected version: <5.39.2

Reported by:
GitHub

[HIGH] PocketMine-MP: JSON decoding of unlimited size large arrays/objects in ModalFormResponse Handling

PKSA-cnjv-js4w-1xcs GHSA-788v-5pfp-93ff

Affected version: <5.39.2

Reported by:
GitHub

[HIGH] PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacket

PKSA-h4z5-fb6q-736p GHSA-h6rj-3m53-887h

Affected version: <5.41.1

Reported by:
GitHub

[HIGH] PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking

PKSA-gsjv-vrbx-n6br GHSA-fqqv-56h5-f57g

Affected version: <5.32.1

Reported by:
GitHub