Veracode Vulnerability Database: VERACODE:37323
History: Sep 29, 2022 - 4:29 a.m.

Deserialization Of Untrusted Data

2022-09-29 04:29:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
40
deserialization
untrusted data
vulnerability
scala-library
lazylist.scala
readobject function
arbitrary files
network connections
function0
gadget chain

EPSS: 0.008

Percentile: 81.1%

scala-library is vulnerable to deserialization of untrusted data. The vulnerability exists because the readObject function in LazyList.scala allows an attacker to erase the contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.