What is CVE-2022-36944?

CVE-2022-36944 is a vulnerability in N/a. Published 2022-09-23.

Is CVE-2022-36944 known to be exploited?

18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-36944

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows atta…

EPSS: 0.678 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

yarocher/lazylist-cve-poc
emilywang0/MergeBase_
hinat0y/Dataset1
hinat0y/Dataset10
hinat0y/Dataset11
hinat0y/Dataset12
hinat0y/Dataset2
hinat0y/Dataset3
hinat0y/Dataset4
emilywang0/CVE_

References

www.scala-lang.org/download/
github.com/scala/scala/pull/10118
FEDORA-2022-34acf878fb (vendor-advisory)
FEDORA-2022-07dd9375b2 (vendor-advisory)
discuss.lightbend.com/t/impact-of-cve-2022-36944-on-akka-cluster-akka-actor-akk…
github.com/scala/scala-collection-compat/releases/tag/v2.9.0

Frequently asked questions

What is CVE-2022-36944?: CVE-2022-36944 is a vulnerability in N/a. Published 2022-09-23.
Is CVE-2022-36944 known to be exploited?: 18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.