CVE-2023-38689

Name of the Vulnerable Software and Affected Versions Logistics Pipes versions 0.7.0.91 through 0.10.0.71

Description The issue is related to the use of Java's ObjectInputStream#readObject on untrusted data coming from clients or servers over the network, resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue was fixed in 2016 by a refactoring of the network IO code. The issue is present in versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads.

Recommendations For Minecraft version 1.7.10, update Logistics Pipes to build 0.10.0.71 or newer. For other affected versions, play in singleplayer only or update to newer Minecraft versions and modpacks. As a temporary workaround, consider restricting online play to minimize the risk of exploitation.