CVE-2022-36944

N/A

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.

N/A

N/A

Scala 代码问题漏洞

Scala是Scala开源的一个 Scala 2 编译器和标准库。 Scala 2.13.9之前的2.13.x版本存在代码问题漏洞，该漏洞源于JAR文件中有一个Java反序列化链，它不能被利用，与应用程序中的LazyList对象反序列化一起存在风险。在这种情况下，它允许攻击者擦除任意文件的内容，建立网络连接，或者可能通过小工具链运行任意代码（特别是 Function0 函数）。

N/A

N/A