Description

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.

Related CPE's

a

bdew

bdlib

*

*

*

*

*

minecraft

Vulnerable

References

https://bdew.net

Release NotesVendor Advisory

https://github.com/bdew-minecraft/bdlib/commit/447210530ceec72fb3374efecb0930ed359d2297

PatchThird Party Advisory

https://vuln.ryotak.me/advisories/46

Third Party Advisory

https://www.curseforge.com/minecraft/mc-mods/bdlib/files/3331330

ProductThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-502

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-06-03T12:15:07.797

4 years ago

Last modified

2021-06-14T18:43:42.100

4 years ago