CVE-2022-36944 – Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, i …

23 September 2022

Vuln ID: CVE-2022-36944

Published: 2022-09-23 18:15:10Z

Description: Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.

Source: NVD.NIST.GOV

Date:

23 September 2022

Categorie(s):

NVD

Tag(s):

NVD

An Empty S3 Bucket Can Make Your AWS Bills Explode30 April 2024
Triangulation fraud: The costly scam hitting online retailers30 April 2024
Tracecat: Open-source SOAR30 April 2024
Why the automotive sector is a target for email-based cyber attacks30 April 2024
Passwords under seven characters can be easily cracked30 April 2024