CVE-2021-44228 in Minecraft

Java 16
Paper server build #397
Minecraft 1.17.1

Exploitation

In Java 16 only deserialization attacks work by default using log4j. To exploit this there needs to be a vulnerable serializable class in the classpath. In the current state of this repository the server will only send a serialized string object. If you found a vulnerable serializable class feel free to create a pull request.

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
.gradle		.gradle
.idea		.idea
build		build
gradle/wrapper		gradle/wrapper
src/main/java		src/main/java
README.md		README.md
build.gradle		build.gradle
gradlew		gradlew
gradlew.bat		gradlew.bat
settings.gradle		settings.gradle

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.gradle

.gradle

.idea

.idea

build

build

gradle/wrapper

gradle/wrapper

src/main/java

src/main/java

README.md

README.md

build.gradle

build.gradle

gradlew

gradlew

gradlew.bat

gradlew.bat

settings.gradle

settings.gradle

Repository files navigation

CVE-2021-44228 in Minecraft

Exploitation

About

Releases

Packages

Languages

myyxl/cve-2021-44228-minecraft-poc

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-44228 in Minecraft

Exploitation

About

Topics

Resources

Stars

Watchers

Forks

Languages