Vulnerability Description
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bdew | Bdlib | < 1.16.1.7 |
Related Weaknesses (CWE)
References
- https://bdew.netRelease NotesVendor Advisory
- https://github.com/bdew-minecraft/bdlib/commit/447210530ceec72fb3374efecb0930ed3PatchThird Party Advisory
- https://vuln.ryotak.me/advisories/46Third Party Advisory
- https://www.curseforge.com/minecraft/mc-mods/bdlib/files/3331330ProductThird Party Advisory
- https://bdew.netRelease NotesVendor Advisory
- https://github.com/bdew-minecraft/bdlib/commit/447210530ceec72fb3374efecb0930ed3PatchThird Party Advisory
- https://vuln.ryotak.me/advisories/46Third Party Advisory
- https://www.curseforge.com/minecraft/mc-mods/bdlib/files/3331330ProductThird Party Advisory
FAQ
What is CVE-2021-33806?
CVE-2021-33806 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.
How severe is CVE-2021-33806?
CVE-2021-33806 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-33806?
Check the references section above for vendor advisories and patch information. Affected products include: Bdew Bdlib.