9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-36944

GHSA ID

GHSA-8qv5-68g4-248j

EPSS Score

0.98606%

CWE

CWE-502

Published

9/25/2022

Updated

1/31/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-36944

CVE-2022-36944: Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-36944

CVE-2022-36944:

9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-36944

GHSA ID

GHSA-8qv5-68g4-248j

EPSS Score

0.98606%

CWE

CWE-502

Published

9/25/2022

Updated

1/31/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.scala-lang:scala-library	maven	>= 2.13.0, < 2.13.9	2.13.9

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unsafe deserialization handling in LazyList's SerializationProxy. The original implementation (before 2.13.9) used 'tail.prependedAll(init)' during deserialization, which could trigger evaluation of a forged Function0 (lazyState) from the deserialized tail. The GitHub PR #10118 specifically modifies this deserialization path to use 'stateFromIteratorConcatSuffix' instead, preventing immediate Function0 execution. This matches the CVE description of Function0-based gadget chain exploitation during LazyList deserialization.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-36944: Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization

CVE-2022-36944:

9.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

CVE-2022-36944: Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization

9.8

9.8

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI