Unknown · SuperMartijn642's Config Lib · CVE-2021-37632
**Name of the Vulnerable Software and Affected Versions**
SuperMartijn642's Config Lib versions 1.0.4 through 1.0.8
**Description**
The issue affects a library used by several Minecraft mods and can be exploited on both servers and clients. The library uses `ObjectInputStream#readObject` to read `enum` values from packet data sent by servers. `readObject` instantiates classes based on the input data without validation, which can lead to remote code execution if a suitable class is found. Both clients and servers are vulnerable because malicious packets can be sent in either direction.
**Recommendations**
For SuperMartijn642's Config Lib versions 1.0.4 through 1.0.8, update to version 1.0.9 or higher to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable `ObjectInputStream#readObject` function until the update can be applied.
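
The unsafe pattern from the description next to a safer wire encoding, as an added example rather than the library's own code or its 1.0.9 fix. The `Mode` enum, the method names and the 64-byte name limit are assumptions made for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class EnumPacketExample {
    enum Mode { EASY, NORMAL, HARD } // hypothetical config enum

    // Unsafe pattern described above: readObject() instantiates whatever
    // class the stream names before the cast to the enum type is checked.
    static <E extends Enum<E>> E readEnumUnsafe(byte[] packet, Class<E> type)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(packet))) {
            return type.cast(in.readObject());
        }
    }

    // Safer encoding: send only the constant's name as length-prefixed UTF-8.
    static byte[] writeEnum(Enum<?> value) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        byte[] name = value.name().getBytes(StandardCharsets.UTF_8);
        out.writeShort(name.length);
        out.write(name);
        return buf.toByteArray();
    }

    // The receiver picks the enum class; the packet can only select a constant.
    static <E extends Enum<E>> E readEnum(byte[] packet, Class<E> type) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(packet));
        int len = in.readUnsignedShort();
        if (len > 64) throw new IOException("enum name too long: " + len);
        byte[] name = new byte[len];
        in.readFully(name);
        try {
            return Enum.valueOf(type, new String(name, StandardCharsets.UTF_8));
        } catch (IllegalArgumentException e) {
            throw new IOException("not a constant of " + type.getName(), e);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] packet = writeEnum(Mode.HARD); // constructed sample packet
        System.out.println(readEnum(packet, Mode.class));
        byte[] bogus = {0, 3, 'F', 'O', 'O'}; // constructed: unknown constant name
        try { readEnum(bogus, Mode.class); }
        catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

With this encoding the packet contents never choose which class is loaded, so an unexpected value is rejected as an `IOException` instead of being deserialized.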