Russian Vulnerability Scanner Database

Back to List

CVE-2022-36944

Scores

EPSS

0.652medium65.2%
0%20%40%60%80%100%

Percentile: 65.2%

CVSS

8.1high3.x
0246810

CVSS Score: 8.1/10

All CVSS Scores

CVSS 3.x
8.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

502CWE-502

Related Vulnerabilities

BDU:2023-00169

Vulnerable Software (19)

Type: Configuration

Product: scala

Operating System: altlinux

Trait: 
{  "fixed": "0:2.13.9-alt1"}

Source: redhat

Type: Configuration

Product: scala

Operating System: ubuntu bionic 18.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: scala

Operating System: ubuntu focal 20.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: scala

Operating System: ubuntu jammy 22.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: scala

Operating System: ubuntu kinetic 22.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: scala

Operating System: ubuntu lunar 23.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: scala

Operating System: ubuntu mantic 23.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: scala

Operating System: ubuntu noble 24.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: scala

Operating System: ubuntu oracular 24.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: scala

Operating System: ubuntu plucky 25.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: scala

Operating System: ubuntu trusty 14.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: scala

Operating System: ubuntu xenial 16.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: scala

Operating System: debian

Trait: 
{  "unaffected": true}

Source: debian

Type: Configuration

Product: scala-apidoc

Operating System: altlinux

Trait: 
{  "fixed": "0:2.13.9-alt1"}

Source: redhat

Type: Configuration

Product: scala-library

Operating System: altlinux

Trait: 
{  "fixed": "0:2.13.9-alt1"}

Source: redhat

Type: Configuration

Product: scala-reflect

Operating System: altlinux

Trait: 
{  "fixed": "0:2.13.9-alt1"}

Source: redhat

Type: Configuration

Vendor: *

Product: fedora

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",...

Source: nvd

Type: Configuration

Vendor: *

Product: scala

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:scala-lang:scala:*:*:*:*:*:*:*:*",      "versionEndExcluding": "2.13.9",      "versionStartIncluding": "2.13.0",      "vulnerable": true    },...

Source: nvd

Type: Configuration

Vendor: *

Product: scala-collection-compat

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:scala-lang:scala:*:*:*:*:*:*:*:*",      "versionEndExcluding": "2.13.9",      "versionStartIncluding": "2.13.0",      "vulnerable": true    },...

Source: nvd

End of list