Vulnerabilities: 1 via 1 paths

Dependencies: 1

Source: GitHub

Commit: 3a34e412

critical severity

Remote Code Execution (RCE)

  • Vulnerable module: org.scala-lang:scala-library
  • Introduced through: org.scala-lang:scala-library@2.13.0

Detailed paths

  • Introduced through: albertpastrana/uscala@albertpastrana/uscala#3a34e412c0c93ee107641825c5ca0c3f91bc3872 › org.scala-lang:scala-library@2.13.0
    Remediation: Upgrade to org.scala-lang:scala-library@2.13.9.

Overview

Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to a vulnerable Java deserialization chain when used in conjunction with LazyList object deserialization, which may allow execution of an arbitrary Function0.

Remediation

Upgrade org.scala-lang:scala-library to version 2.13.9 or higher.
