CVE-2021-33806
Description
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.
References
Release NotesVendor Advisory
PatchThird Party Advisory
ProductThird Party Advisory
Third Party Advisory
CvssV3 impact
BaseSeverity | CRITICAL |
ConfidentialityImpact | HIGH |
AttackComplexity | LOW |
Scope | UNCHANGED |
AttackVector | NETWORK |
AvailabilityImpact | HIGH |
IntegrityImpact | HIGH |
PrivilegesRequired | NONE |
BaseScore | 9.8 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Version | 3.1 |
UserInteraction | NONE |
CvssV2 impact
AccessComplexity | LOW |
ConfidentialityImpact | PARTIAL |
AvailabilityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
BaseScore | 7.5 |
VectorString | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Version | 2.0 |
AccessVector | NETWORK |
Authentication | NONE |