Security Bulletin: Multiple vulnerabilities in scala-compiler-2.11.8.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in scala-compiler-2.11.8.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2017-15288 DESCRIPTION: Scala could allow a local authenticated attacke...

High severity vulnerability that affects org.scala-lang:scala-compiler

The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges...

GHSA-QVXV-PMQ9-4Q7G High severity vulnerability that affects org.scala-lang:scala-compiler

The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges...

Arbitrary Code Execution

scala-compiler is vulnerable to arbitrary code execution. A malicious user can write and execute arbitrary scala class files on the system through the compiler daemon due to weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port...