Lucene search
+L

6 matches found

RedHat Linux
RedHat Linux
added 2023/05/18 9:54 a.m.7 views

scala: deserialization gadget chain

A flaw was found in Scala's LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data...

9.8CVSS7.8AI score0.08343EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2023/05/11 4:52 p.m.43 views

CVE-2022-36944

A flaw was found in Scala's LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data. Mitigation Users of Scala's LazyList should...

8.1CVSS9.3AI score0.08343EPSS
Exploits1References4
OSV
OSV
added 2022/09/25 12:0 a.m.3 views

GHSA-8QV5-68G4-248J Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make netwo...

9.8CVSS6.9AI score0.08343EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2022/09/25 12:0 a.m.48 views

Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make netwo...

9.8CVSS9.3AI score0.08343EPSS
Exploits1References9Affected Software1
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.6 views

Scala 代码问题漏洞

Scala is a Scala 2 compiler and standard library open-sourced by Scala. Scala version 2.13.x prior to 2.13.9 suffers from a code issue vulnerability that stems from a Java deserialization chain in a JAR file, which cannot be exploited and is at risk along with the deserialization of LazyList...

9.8CVSS7.8AI score0.08343EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2022/09/23 12:0 a.m.5 views

PT-2022-6144

Name of the Vulnerable Software and Affected Versions Scala versions 2.13.x before 2.13.9 Description The issue is related to errors in data deserialization. It may allow a remote attacker to execute arbitrary code, erase the contents of arbitrary files, or make network connections via a gadget...

10CVSS7AI score0.08343EPSS
Exploits1References20
Rows per page
Query Builder