← Back

Scala Lang

scala-lang

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Scala
scala
2 CVEs
Scala Collection Compat
scala-collection-compat
1 CVE

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-36944
2Fedoraproject
Scala Lang
3Fedora
ScalaScala Collection Compat
May 27, 2025
Sep 23, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situati...Show more
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.Show less
CVE-2017-15288
1Scala Lang
1Scala
May 13, 2026
Nov 15, 2017
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local use...Show more
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.Show less