Vulnerabilities: 1 via 12 paths

Dependencies: 8

Source: GitHub

Commit: d8800b56


critical severity

Remote Code Execution (RCE)

  • Vulnerable module: org.scala-lang:scala-library
  • Introduced through: org.scala-lang:scala-library@2.13.1, org.typelevel:cats-effect_2.13@2.2.0 and others

Detailed paths

  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → org.scala-lang:scala-library@2.13.1
    Remediation: Upgrade to org.scala-lang:scala-library@2.13.9.
  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → org.typelevel:cats-effect_2.13@2.2.0 → org.scala-lang:scala-library@2.13.1
    Remediation: Upgrade to org.typelevel:cats-effect_2.13@3.4.1.
  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 → org.scala-lang:scala-library@2.13.1
  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → org.typelevel:cats-effect_2.13@2.2.0 → org.typelevel:cats-core_2.13@2.2.0 → org.scala-lang:scala-library@2.13.1
    Remediation: Upgrade to org.typelevel:cats-effect_2.13@3.0.0.
  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 → io.chrisdavenport:log4cats-core_2.13@1.0.1 → org.scala-lang:scala-library@2.13.1
  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 → org.scala-lang:scala-reflect@2.13.0 → org.scala-lang:scala-library@2.13.1
  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 → org.typelevel:cats-effect_2.13@2.2.0 → org.scala-lang:scala-library@2.13.1
  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → org.typelevel:cats-effect_2.13@2.2.0 → org.typelevel:cats-core_2.13@2.2.0 → org.typelevel:cats-kernel_2.13@2.2.0 → org.scala-lang:scala-library@2.13.1
    Remediation: Upgrade to org.typelevel:cats-effect_2.13@3.0.0.
  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 → io.chrisdavenport:log4cats-core_2.13@1.0.1 → org.typelevel:cats-core_2.13@2.2.0 → org.scala-lang:scala-library@2.13.1
  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 → org.typelevel:cats-effect_2.13@2.2.0 → org.typelevel:cats-core_2.13@2.2.0 → org.scala-lang:scala-library@2.13.1
  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 → io.chrisdavenport:log4cats-core_2.13@1.0.1 → org.typelevel:cats-core_2.13@2.2.0 → org.typelevel:cats-kernel_2.13@2.2.0 → org.scala-lang:scala-library@2.13.1
  • Introduced through: mkotsur/artc@mkotsur/artc#d8800b56089dced1207430183a4a89073427fc6a → io.chrisdavenport:log4cats-slf4j_2.13@1.0.1 → org.typelevel:cats-effect_2.13@2.2.0 → org.typelevel:cats-core_2.13@2.2.0 → org.typelevel:cats-kernel_2.13@2.2.0 → org.scala-lang:scala-library@2.13.1

Overview

Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to a vulnerable Java deserialization chain when used in conjunction with LazyList object deserialization, which may allow execution of an arbitrary Function0.

Remediation

Upgrade org.scala-lang:scala-library to version 2.13.9 or higher.