Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Scala 代码问题漏洞
Vulnerability Description
Scala是Scala开源的一个 Scala 2 编译器和标准库。 Scala 2.13.9之前的2.13.x版本存在代码问题漏洞,该漏洞源于JAR文件中有一个Java反序列化链,它不能被利用,与应用程序中的LazyList对象反序列化一起存在风险。在这种情况下,它允许攻击者擦除任意文件的内容,建立网络连接,或者可能通过小工具链运行任意代码(特别是 Function0 函数)。
CVSS Information
N/A
Vulnerability Type
N/A