Unsafe Deserialization Vulnerability in Many Minecraft Mods

A few weeks ago, a critical vulnerability allowing arbitrary remote code execution on clients and servers (and therefore all connected clients on a server) was discovered in many Minecraft mods.

We initially attempted to thoroughly and responsibly investigate the issue in order to publish a write-up and completely fix the vulnerability, but since a group named MMPA just published a blog post about the issue while omitting many crucial details about the vulnerability, we were forced to release a statement and attempt to fix the issue right away since they were currently putting millions of modded Minecraft users at risk.

The vulnerability is caused by unsafe usage of the Java serialization feature in network packets sent by servers to clients or clients to servers, which allows instantiating any Java class that is loaded in the Minecraft instance.

There was already a similar vulnerability in the past called "Mad Gadget".