[MALWARE WARNING] RCE Vulnerability on some modded servers - Bleeding Pipe
On July 29th, 2023, the Minecraft Malware Prevention Alliance (MMPA) released a blogpost detailing the exploitation of some mods on 1.7.10, 1.12.2, and possibly other versions of Forge servers. Malicious actors took advantage of vulnerabilities in how these mods deserialized data, which gave them Remote Code Execution (RCE) on both clients and servers. It is currently unknown what exactly was done, but it can be assumed that a malicious payload was sent to affected devices; there are no known methods to detect whether this happened to you.
What can I do?
Following the MMPA's guidance:
Pipeblocker is a mod created by the MMPA that can protect against all mods affected by this vulnerability. It can be used on any server or client on Forge 1.7.2-1.12.2.
If you use any of the mods listed below, it is recommended to update them to the latest version available. For BDLib specifically, the GT New Horizons fork is recommended.
- Advent of Ascension (Nevermine) (only affects 1.12.2)
- Arrows Plus
- Astral Sorcery (versions <=1.9.1)
- BDLib (versions 1.7-1.12)
- Custom Friends Capes
- Energy Manipulation
- EnderCore (dependency of EnderIO, only affects 1.9-1.13)
- Giacomo's Bookshelf
- Immersive Armors (only affects 1.17.1, 1.18.1, 1.19.0, and 1.19.1)
- Immersive Aircraft
- Immersive Paintings
- JourneyMap (introduced in 1.16.5-5.7.1 and fixed in 1.16.5-5.7.2; no other versions were affected)
- LanteaCraft / SGCraft
- LogisticsPipes (only affects 1.4.7-1.7.10)
- Minecraft Comes Alive (MCA) (only affects 1.5.2-1.6.4)
- MattDahEpic Core (MDECore) (only affects 1.8.8-1.12.2)
- mxTune (only affects 1.12-1.16.5)
- p455w0rd's Things
- Project Blue
- RebornCore (affects versions >= 3.13.8, <4.7.3)
- SuperMartijn642's Config Lib (only affects versions <1.0.9)
- Thaumic Tinkerer (fixed in version 2.3-138 for Minecraft 1.7.2, versions for 1.6-1.6.4 remain affected)
- Tough Expansion
- ttCore (only affects 1.7.10)
We would like to thank the MMPA for the detailed blogpost explaining the situation and the release of Pipeblocker. If you are interested, you can join their Discord server here: https://discord.gg/5NvpmUttDP.