Can an unmodded paper server be affected by unsafe deserialization on modded clients?
I recently was sent a link to github describing a security vulnerability in many mods that if exploited allowed for arbitrary remote code execution on servers and clients. I run a paper server that is completely unmodded, but I'm also not familiar enough with java to know if the exploit could pose an issue to an unmodded server hosting clients with affected client-side mods. Here is the link to the github page: https://github.com/dogboy21/serializationisbad Any help would be very much appreciated.
GitHub
A Minecraft coremod / Java Agent aiming to patch serious security vulnerabilities found in many different mods - GitHub - dogboy21/serializationisbad: A Minecraft coremod / Java Agent aiming to pat...
