BleedingPipe is an exploit being used in the wild allowing FULL remote code execution on clients and servers running popular Minecraft mods on 1.7.10/1.12.2 Forge (its mainly those versions, other versions are affected.), alongside some other mods. Use of the BleedingPipe exploit has already been observed on unsuspecting servers.
This is a vulnerability in mods using unsafe deserialization code, not in Forge itself.
Does an attacker need to be logged in to take advantage of the exploit? Will a whitelist keep my server safe?
From what I’ve read, no. It’s an issue with some mods using insecure networking code, letting the malicious party to inject payloads to the server or clients.
From the blog post:
The bug is a well known issue with deserialization using ObjectInputStream. The mods affected used OIS for networking code, and this allowed packets with malicious serialization to be sent. This allows anything to be run on the server, which then can be used on the server to do the same thing to all clients, therefore infecting all clients with the server in reverse.
Take my conclusions with a grain of salt, I’m no expert so I might be wrong.
