← Back

Scala Collection Compat

scala-collection-compat

Vendor: Scala Lang • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-36944
2Fedoraproject
Scala Lang
3Fedora
ScalaScala Collection Compat
May 27, 2025
Sep 23, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situati...Show more
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.Show less