PT-2022-6144 · Scala +1

Marc Bohler · Published 2022-09-23 · Updated 2023-10-22 · CVE-2022-36944

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Scala 2.13.x before 2.13.9 (the scala-library JAR)
Description: The scala-library JAR for Scala 2.13.x before 2.13.9 contains a Java deserialization gadget chain built on the Java serialization support of scala.collection.immutable.LazyList. The library is not exploitable on its own; the risk exists only when an application deserializes attacker-controlled data with Java object serialization (ObjectInputStream.readObject) while scala-library is on its classpath. In that situation an attacker who controls the serialized stream can cause arbitrary Function0 instances to be invoked during deserialization, which allows erasing the contents of arbitrary files, opening network connections, or possibly executing arbitrary code.
Recommendations: For Scala 2.13.x before 2.13.9, update scala-library to 2.13.9 or later. Scala 3 projects also depend on a 2.13.x scala-library, so check the resolved scala-library version in the build, not only the compiler version. As a temporary workaround, do not deserialize untrusted data with Java object serialization at all; where it cannot be removed, restrict what the stream may instantiate with a deny-by-default deserialization filter (JEP 290, java.io.ObjectInputFilter) that does not allow LazyList or other scala-library classes.
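The workaround described above, as an added example that is not part of this advisory and not code from the Scala project: the unfiltered readObject call that exposes the scala-library gadget chain beside a hardened reader that installs a JEP 290 allowlist filter, plus a check of the running scala-library version. It assumes Java 9 or later (for java.io.ObjectInputFilter) and Scala 2.13; DeserializationGuard and Ticket are hypothetical names, and the filter pattern uses the JVM class name DeserializationGuard$Ticket, which changes if the object is placed in a package.

```scala
import java.io.{ByteArrayInputStream, ByteArrayOutputStream, InvalidClassException,
                ObjectInputFilter, ObjectInputStream, ObjectOutputStream}

object DeserializationGuard {

  // Hypothetical application type that the service legitimately expects to read.
  final case class Ticket(id: Int, owner: String)

  def serialize(obj: AnyRef): Array[Byte] = {
    val bos = new ByteArrayOutputStream()
    val out = new ObjectOutputStream(bos)
    try out.writeObject(obj) finally out.close()
    bos.toByteArray
  }

  // Vulnerable pattern: readObject() instantiates any Serializable class on the
  // classpath, including scala.collection.immutable.LazyList's serialization support.
  def readUnfiltered(bytes: Array[Byte]): AnyRef = {
    val in = new ObjectInputStream(new ByteArrayInputStream(bytes))
    try in.readObject() finally in.close()
  }

  // Hardened pattern: JEP 290 deserialization filter (Java 9+).
  // Only the application's own type is allowed; "!*" rejects every other class,
  // so the scala-library gadget chain is never reached. The explicit LazyList
  // reject is redundant with "!*" but records the intent for the next reader.
  private val allowlist: ObjectInputFilter = ObjectInputFilter.Config.createFilter(
    "DeserializationGuard$Ticket;!scala.collection.immutable.LazyList*;!*;maxdepth=8"
  )

  def readFiltered(bytes: Array[Byte]): AnyRef = {
    val in = new ObjectInputStream(new ByteArrayInputStream(bytes))
    in.setObjectInputFilter(allowlist)
    try in.readObject() finally in.close()
  }

  // True when a scala-library version string is in the affected range 2.13.x, x < 9.
  def isAffected(versionNumber: String): Boolean =
    versionNumber.split("[.-]").toList match {
      case "2" :: "13" :: patch :: _ => patch.nonEmpty && patch.forall(_.isDigit) && patch.toInt < 9
      case _                         => false
    }

  def main(args: Array[String]): Unit = {
    val v = scala.util.Properties.versionNumberString
    println(s"scala-library $v affected by CVE-2022-36944: ${isAffected(v)}")

    val ticketBytes = serialize(Ticket(7, "alice"))
    println("allowlisted type read back: " + readFiltered(ticketBytes))

    // Constructed, benign stream that merely carries a LazyList. The unfiltered
    // reader accepts it; the filtered reader refuses it at the first class
    // descriptor, before any deserialization callback can run.
    val lazyBytes = serialize(LazyList(1, 2, 3).force)
    println("unfiltered reader accepted: " + readUnfiltered(lazyBytes))
    try {
      readFiltered(lazyBytes)
      println("unexpected: LazyList accepted by the filtered reader")
    } catch {
      case e: InvalidClassException => println("rejected by filter: " + e.getMessage)
    }
  }
}
```

The filter is applied per class descriptor as the stream is parsed, so a rejected class fails with InvalidClassException before any of its readObject or readResolve logic executes. An allowlist of the application's own types with a trailing "!*" is the form to prefer; a denylist that names only LazyList would miss the next gadget.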

Weakness Enumeration

CWE-502: Deserialization of Untrusted Data

Related Identifiers

ALT-PU-2023-5825
ALT-PU-2023-6353
BDU:2023-00169
CVE-2022-36944
GHSA-8QV5-68G4-248J

Affected Products

Alt Linux
Scala