CVE-2021-33790

Name of the Vulnerable Software and Affected Versions: RebornCore library versions prior to 4.7.3

Description: The issue allows remote code execution due to the deserialization of untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. This enables an attacker to instantiate any class on the classpath with any data. The presence of a class usable for exploitation depends on the installed Minecraft modifications.

Recommendations: For versions prior to 4.7.3, update to version 4.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the ExtendedPacketBuffer class to minimize the risk of exploitation.