The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-33806
• bdew-minecraft/bdlib@4472105
• https://bdew.net
• https://vuln.ryotak.me/advisories/46
• https://www.curseforge.com/minecraft/mc-mods/bdlib/files/3331330