Critical severity9.8NVD Advisory· Published May 31, 2021· Updated Jun 17, 2026
CVE-2021-33790
CVE-2021-33790
Description
The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An attacker can instantiate any class on the classpath with any data. A class usable for exploitation might or might not be present, depending on what Minecraft modifications are installed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- RebornCore library/RebornCore librarydescription
- Range: <4.7.3
Patches
Vulnerability mechanics
References
3- github.com/TechReborn/RebornCore/security/advisories/GHSA-r7pg-4xrf-7mrmnvdThird Party Advisory
- vuln.ryotak.me/advisories/45nvdThird Party Advisory
- www.curseforge.com/minecraft/mc-mods/reborncorenvdProductThird Party Advisory
News mentions
0No linked articles in our index yet.