Description
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.
References
Release NotesVendor Advisory
https://github.com/bdew-minecraft/bdlib/commit/447210530ceec72fb3374efecb0930ed359d2297
PatchThird Party Advisory
https://vuln.ryotak.me/advisories/46
Third Party Advisory
https://www.curseforge.com/minecraft/mc-mods/bdlib/files/3331330
ProductThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-06-03T12:15:07.797
4 years agoLast modified
2021-06-14T18:43:42.100
4 years ago