3 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-36944
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file
Summary: Scala could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in LazyList. By sending a specially crafted request using a gadget chain, an attacker could exploit this vulnerability to execute arbitrary code, erase contents of...
PT-2022-6144 · Scala +1
Name of the Vulnerable Software and Affected Versions: Scala versions 2.13.x before 2.13.9. Description: The issue is related to errors in data deserialization. It may allow a remote attacker to execute arbitrary code, erase the contents of arbitrary files, or make network connections via a gadget...