Scala Collection Compat
1 CVEs
product
Monthly
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RCE
Deserialization
Java
Scala
Scala Collection Compat
+1
NVD
GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2022-36944
Maven
EPSS 8%
CVSS 9.8
CRITICAL
POC
PATCH
Act Now
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RCE
Deserialization
Java
+3
NVD
GitHub