{"id":"CVE-2021-33806","details":"The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.","modified":"2026-04-11T12:36:34.871418Z","published":"2021-06-03T12:15:07.797Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"fixed":"1.16.1.7"}],"cpe":"cpe:2.3:a:bdew:bdlib:*:*:*:*:*:minecraft:*:*","source":"CPE_FIELD"},{"extracted_events":[{"fixed":"1.16.1.7"}],"source":"DESCRIPTION"}]},"references":[{"type":"ADVISORY","url":"https://bdew.net"},{"type":"ADVISORY","url":"https://vuln.ryotak.me/advisories/46"},{"type":"ADVISORY","url":"https://www.curseforge.com/minecraft/mc-mods/bdlib/files/3331330"},{"type":"FIX","url":"https://github.com/bdew-minecraft/bdlib/commit/447210530ceec72fb3374efecb0930ed359d2297"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bdew-minecraft/bdlib","events":[{"introduced":"0"},{"fixed":"447210530ceec72fb3374efecb0930ed359d2297"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v0.9.0","v0.9.1","v0.9.2","v0.9.3","v0.9.4","v0.9.5","v1.0.0","v1.0.1","v1.1.0","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.5.0","v1.5.1","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.7.0","v1.7.1","v1.8.0","v1.8.1","v1.8.2","v1.9.0","v1.9.1","v1.9.2","v1.9.3","v1.9.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-33806.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}