critical severity
- Vulnerable module: org.scala-lang:scala-library
- Introduced through: org.scala-lang:scala-library@2.13.1, org.typelevel:cats-effect_2.13@2.2.0 and others
Detailed paths
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › org.scala-lang:scala-library@2.13.1
  Remediation: Upgrade to org.scala-lang:scala-library@2.13.9.
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › org.typelevel:cats-effect_2.13@2.2.0 › org.scala-lang:scala-library@2.13.1
  Remediation: Upgrade to org.typelevel:cats-effect_2.13@3.4.1.
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 › org.scala-lang:scala-library@2.13.1
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › org.typelevel:cats-effect_2.13@2.2.0 › org.typelevel:cats-core_2.13@2.2.0 › org.scala-lang:scala-library@2.13.1
  Remediation: Upgrade to org.typelevel:cats-effect_2.13@3.0.0.
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 › io.chrisdavenport:log4cats-core_2.13@1.0.1 › org.scala-lang:scala-library@2.13.1
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 › org.scala-lang:scala-reflect@2.13.0 › org.scala-lang:scala-library@2.13.1
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 › org.typelevel:cats-effect_2.13@2.2.0 › org.scala-lang:scala-library@2.13.1
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › org.typelevel:cats-effect_2.13@2.2.0 › org.typelevel:cats-core_2.13@2.2.0 › org.typelevel:cats-kernel_2.13@2.2.0 › org.scala-lang:scala-library@2.13.1
  Remediation: Upgrade to org.typelevel:cats-effect_2.13@3.0.0.
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 › io.chrisdavenport:log4cats-core_2.13@1.0.1 › org.typelevel:cats-core_2.13@2.2.0 › org.scala-lang:scala-library@2.13.1
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 › org.typelevel:cats-effect_2.13@2.2.0 › org.typelevel:cats-core_2.13@2.2.0 › org.scala-lang:scala-library@2.13.1
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 › io.chrisdavenport:log4cats-core_2.13@1.0.1 › org.typelevel:cats-core_2.13@2.2.0 › org.typelevel:cats-kernel_2.13@2.2.0 › org.scala-lang:scala-library@2.13.1
- Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a › io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 › org.typelevel:cats-effect_2.13@2.2.0 › org.typelevel:cats-core_2.13@2.2.0 › org.typelevel:cats-kernel_2.13@2.2.0 › org.scala-lang:scala-library@2.13.1
Overview
Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to a vulnerable Java deserialization chain when used in conjunction with LazyList object deserialization, which may allow execution of an arbitrary Function0.
Remediation
Upgrade org.scala-lang:scala-library to version 2.13.9 or higher.