CVE-2021-33806
Severity: CRITICAL
bdew bdlib < 1.16.1.7 - Remote Code Execution via Java Deserialization
Title source: llm
Description
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.
References (4)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://bdew.net
Product, Third Party Advisory x_refsource_misc
https://www.curseforge.com/minecraft/mc-mods/bdlib/files/3331330
Third Party Advisory x_refsource_misc
https://vuln.ryotak.me/advisories/46
Patch, Third Party Advisory x_refsource_confirm
https://github.com/bdew-minecraft/bdlib/commit/447210530ceec72fb3374efecb0930ed359d2297
Scores
CVSS v3: 9.8
EPSS: 0.0298
EPSS Percentile: 85.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-502
Status: published
Products (1): bdew/bdlib < 1.16.1.7
Published: Jun 03, 2021
Tracked Since: Feb 18, 2026