Maven package
org.scala-lang/scala-library
pkg:maven/org.scala-lang/scala-library
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-36944 | — | >= 2.13.0, < 2.13.9 | 2.13.9 | Sep 23, 2022 | Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary file |
- CVE-2022-36944Sep 23, 2022affected >= 2.13.0, < 2.13.9fixed 2.13.9
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary file