CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Percentile: 81.1%

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR
file. On its own, it cannot be exploited. There is only a risk in
conjunction with Java object deserialization within an application. In such
situations, it allows attackers to erase contents of arbitrary files, make
network connections, or possibly run arbitrary code (specifically,
Function0 functions) via a gadget chain.
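
An inventory check for the affected range stated above (2.13.x before 2.13.9), as an added example that is not part of the advisory or of the Scala project's code. It assumes the library JAR follows the Maven artifact name scala-library-<version>.jar and carries a library.properties file with a version.number key, which also lets it spot the library inside a fat JAR; the status names are hypothetical.

```python
import re
import zipfile
from pathlib import Path

FIXED = (2, 13, 9)  # first fixed release named in the advisory
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(.*)")
NAME_RE = re.compile(r"scala-library-(.+)\.jar$")  # assumed Maven artifact name

def classify(version):
    """Map a Scala version string to 'affected', 'review' or 'not-listed'."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        return "review"          # unparseable version: needs a human look
    core, suffix = tuple(int(g) for g in m.groups()[:3]), m.group(4)
    if core[:2] != (2, 13):
        return "not-listed"      # the advisory names only the 2.13.x line
    if core < FIXED:
        return "affected"
    if core == FIXED and suffix:
        return "review"          # pre-release or nightly of 2.13.9: fix status unknown
    return "not-listed"

def jar_scala_version(jar_path):
    """Return the Scala library version a JAR carries, or None if it has none."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            # Assumption: scala-library ships library.properties at the JAR root
            # and a fat JAR keeps that file when it bundles the library.
            if "library.properties" in jar.namelist():
                text = jar.read("library.properties").decode("utf-8", "replace")
                for line in text.splitlines():
                    key, _, value = line.partition("=")
                    if key.strip() == "version.number":
                        return value.strip()
    except (zipfile.BadZipFile, OSError):
        pass                     # unreadable archive: fall back to the file name
    m = NAME_RE.search(Path(jar_path).name)
    return m.group(1) if m else None

def scan(root):
    """Return (path, version, status) for every JAR under root that carries Scala."""
    results = []
    for jar_path in sorted(Path(root).rglob("*.jar")):
        version = jar_scala_version(jar_path)
        if version is not None:
            results.append((str(jar_path), version, classify(version)))
    return results
```

An "affected" result only shows that the gadget chain is on the classpath; as the description says, the risk exists where the application also deserializes Java objects.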