Just a reminder - https://www.cvedetails.com/cve/CVE-2017-11615/:Qon wrote: βSat Dec 09, 2023 8:42 pm Even if it's multiplayer, the game is written in C++, a compiled language. They can't do unsafe eval() even if they wanted to, unless they add a non-sandboxed Lua with full computer access or include a compiler to run the input, both things are hardcore attempts at engineering a vulnerability. Can't accidentally happen.
If it happens accidentally then it would be something like a buffer overflow, but then it doesn't really matter that much if it's a text field, number field or a calculator field. And as you said, they know how to sandbox mods, why would they not be able to handle something orders of magnitude simpler?
A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library.