Marc Bohler

**Name of the Vulnerable Software and Affected Versions** Scala versions 2.13.x before 2.13.9 **Description** The issue is related to errors in data deserialization. It may allow a remote attacker to execute arbitrary code, erase the contents of arbitrary files, or make network connections via a gadget chain, specifically exploiting `Function0` functions. This risk exists when Java object deserialization or `LazyList` object deserialization occurs within an application. **Recommendations** For Scala versions 2.13.x before 2.13.9, update to version 2.13.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of Java object deserialization and `LazyList` object deserialization within applications to minimize the risk of exploitation.