Minecraft vulnerability allows hackers to remotely execute arbitrary code

Experts said they discovered Minecraft mods that allow attackers to execute arbitrary code remotely on game servers and user machines. Using the vulnerability, hackers can access user data and enlist the compromised device in a botnet.

The Minecraft Malware Prevention Alliance (MMPA) community reported that many popular Minecraft modifications contain the BleedingPipe vulnerability, which allows hackers to execute arbitrary code remotely. The vulnerability is found mainly in Forge-based Minecraft mods, but the community says the error can affect any other version of the game.

The error was first reported in March 2022, when users discussed the vulnerability found in the BdLib repository. After that, the developers of the MineYourMind server and the Enigmatica 2 Expert modpack reported the same error in their products.

On July 9, 2023, the same error was discussed on the Forge forum, where it was noted that attackers can use it to compromise a server and obtain Discord account credentials and Steam session data. According to Forge representatives, the problem then affected the EnderCore, BdLib and LogisticsPipes mods. However, the message from the Forge administration went unnoticed by users.

Representatives of the MMPA community compiled a list of popular mods affected by the vulnerability:

  • EnderCore;
  • LogisticsPipes;
  • BdLib 1.7-1.12;
  • Smart Moving 1.12;
  • Brazier;
  • DankNull;
  • Gadomancy.

Server administrators are advised to check the server directory for suspicious files and to stop using the affected mods until their developers fix the vulnerability. Players should scan the .minecraft directory with the jSus or jNeedle utilities. The vulnerability is a common ObjectInputStream deserialization error in Java.
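
The ObjectInputStream error class mentioned above, shown as an added example (not code from any affected mod or from MMPA): an unrestricted `readObject()` next to a reader that rejects every class outside an allow-list. The class name `SafePacketReader`, the packet contents and the allow-list are assumptions made for illustration.

```java
import java.io.*;
import java.util.*;

// Added example; packet format and allow-list are assumptions, not code from any affected mod.
public class SafePacketReader {
    // ObjectInputStream that refuses to resolve any class outside an allow-list.
    static final class AllowListStream extends ObjectInputStream {
        private final Set<String> allowed;
        AllowListStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass d) throws IOException, ClassNotFoundException {
            // Runs before instantiation, so a rejected type never executes its readObject().
            if (!allowed.contains(d.getName())) {
                throw new InvalidClassException(d.getName(), "class not permitted");
            }
            return super.resolveClass(d);
        }
    }

    // Vulnerable pattern: any Serializable class on the classpath can be instantiated.
    static Object readUnsafe(byte[] packet) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(packet))) {
            return in.readObject();
        }
    }

    // Hardened pattern: only the types the protocol needs are accepted.
    static Object readSafe(byte[] packet, Set<String> allowed)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new AllowListStream(new ByteArrayInputStream(packet), allowed)) {
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Integer's superclass descriptor (Number) is also resolved, so both are listed.
        Set<String> allowed = new HashSet<>(Arrays.asList("java.lang.Integer", "java.lang.Number"));
        byte[] expected = serialize(42);                         // constructed sample packet
        byte[] unexpected = serialize(new ArrayList<String>());  // constructed, type not in protocol
        System.out.println("unsafe accepts: " + readUnsafe(unexpected).getClass().getName());
        System.out.println("safe accepts: " + readSafe(expected, allowed));
        try { readSafe(unexpected, allowed); }
        catch (InvalidClassException e) { System.out.println("safe rejects: " + e.getMessage()); }
    }
}
```

Overriding `resolveClass` works on the older Java runtimes that 1.7-1.12 mods target; on Java 9 and later, `ObjectInputFilter` provides the same allow-list control without subclassing.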