CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low
Percentile: 52.4%

scala-library is vulnerable to deserialization of untrusted data. The vulnerability exists because the readObject function in LazyList.scala allows an attacker to erase the contents of arbitrary files, make network connections, or possibly run arbitrary code (as Function0 functions) via a gadget chain.

CPE

Name | Operator | Version |
---|---|---|
scala library | le | 2.13.8 |

discuss.lightbend.com/t/impact-of-cve-2022-36944-on-akka-cluster-akka-actor-akka-remote/10007/2
github.com/advisories/GHSA-8qv5-68g4-248j
github.com/scala/scala-collection-compat/releases/tag/v2.9.0
github.com/scala/scala/commit/f24c226211eb340c999d810013efbff35a49863f
github.com/scala/scala/pull/10118
lists.fedoraproject.org/archives/list/[email protected]/message/6ZOZVWY3X72FZZCCRAKRJYTQOJ6LUD6Z/
lists.fedoraproject.org/archives/list/[email protected]/message/L3WMKPFAMFQE3HJVRQ5KOJUTWG264SXI/
www.scala-lang.org/download/