Key information about the vulnerability, returned as concise Markdown:

```markdown
# Advisory #46

| Title              | BdLib (Minecraft Mod) deserialization of untrusted data in network stack |
|--------------------|---------------------------------------------------------------------------|
| CVE ID             | CVE-2021-33806 |
| Vendor             | bdew |
| Affected product   | BdLib |
| Affected versions  | - 1.16.1.6 |
| Vulnerability type | CWE-502: Deserialization of Untrusted Data |
| Description        | BdLib uses ObjectInputStream.readObject() to deserialize some packet data after it has been sent over the Minecraft packet pipeline. Because BdLib does not validate the data before deserialization, it is exposed to maliciously crafted data from untrusted Minecraft servers and clients, which may allow a malicious server or client to execute arbitrary code. |
| Status             | Fixed in 1.16.1.7 |
| Recommendation     | Update to 1.16.1.7 or above. |
```

Key information:

- The vulnerability is an insecure deserialization issue (CWE-502).
- It may allow a malicious server or client to execute arbitrary code.
- Users are advised to update to 1.16.1.7 or later to fix the vulnerability.
- The vulnerability is in the network stack of the Minecraft mod BdLib.