CVE-2021-33806

CRITICAL

Bdew Bdlib < 1.16.1.7 - Insecure Deserialization

Title source: rule

Description

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.

References (4)

[Release Notes, Vendor Advisory] https://bdew.net

[Patch, Third Party Advisory] https://github.com/bdew-minecraft/bdlib/commit/447210530ceec72fb3374efecb0930ed359d2297

View Patch ZIP pw:eip

[Third Party Advisory] https://vuln.ryotak.me/advisories/46

[Product, Third Party Advisory] https://www.curseforge.com/minecraft/mc-mods/bdlib/files/3331330

Scores

CVSS v3 9.8

EPSS 0.0686

EPSS Percentile 91.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

bdew/bdlib < 1.16.1.7

Timeline

Published Jun 03, 2021

Tracked Since Feb 18, 2026