CVE-2021-33790
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An attacker can instantiate any class on the classpath with any data. A class usable for exploitation might or might not be present, depending on what Minecraft modifications are installed.
La biblioteca RebornCore versiones anteriores a 4.7.3, permite una ejecución de código remota porque deserializa datos no confiables en la función ObjectInputStream.readObject como parte de reborncore.common.network.ExtendedPacketBuffer. Un atacante puede crear una instancia de cualquier clase en la ruta de clases con cualquier dato. Una clase utilizable para explotación puede estar presente o no, dependiendo de las modificaciones de Minecraft instaladas
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-30 CVE Reserved
- 2021-05-31 CVE Published
- 2024-08-03 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/TechReborn/RebornCore/security/advisories/GHSA-r7pg-4xrf-7mrm | Third Party Advisory | |
| https://vuln.ryotak.me/advisories/45 | Third Party Advisory | |
| https://www.curseforge.com/minecraft/mc-mods/reborncore | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Techreborn Search vendor "Techreborn" | Reborncore Search vendor "Techreborn" for product "Reborncore" | <= 3.13.8 Search vendor "Techreborn" for product "Reborncore" and version " <= 3.13.8" | - |
Affected
| in | Minecraft Search vendor "Minecraft" | Minecraft Search vendor "Minecraft" for product "Minecraft" | - | - |
Safe
|
| Techreborn Search vendor "Techreborn" | Reborncore Search vendor "Techreborn" for product "Reborncore" | >= 3.19.0 < 3.19.5 Search vendor "Techreborn" for product "Reborncore" and version " >= 3.19.0 < 3.19.5" | - |
Affected
| in | Minecraft Search vendor "Minecraft" | Minecraft Search vendor "Minecraft" for product "Minecraft" | - | - |
Safe
|
| Techreborn Search vendor "Techreborn" | Reborncore Search vendor "Techreborn" for product "Reborncore" | >= 4.2.0 < 4.2.10 Search vendor "Techreborn" for product "Reborncore" and version " >= 4.2.0 < 4.2.10" | - |
Affected
| in | Minecraft Search vendor "Minecraft" | Minecraft Search vendor "Minecraft" for product "Minecraft" | - | - |
Safe
|
| Techreborn Search vendor "Techreborn" | Reborncore Search vendor "Techreborn" for product "Reborncore" | >= 4.7.0 < 4.7.3 Search vendor "Techreborn" for product "Reborncore" and version " >= 4.7.0 < 4.7.3" | - |
Affected
| in | Minecraft Search vendor "Minecraft" | Minecraft Search vendor "Minecraft" for product "Minecraft" | - | - |
Safe
|