VYPR

Maven package

org.scala-lang/scala-library

pkg:maven/org.scala-lang/scala-library

Vulnerabilities (1)

  • CVE-2022-36944Sep 23, 2022
    affected >= 2.13.0, < 2.13.9fixed 2.13.9

    Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary file