Comments (1)
Thanks for the report @ZDevelop94, however this is an sbt plugin meaning that it's on 2.12 and the CVE you have listed applies to 2.13.
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.
from sbt-scoverage.
Related Issues (20)
- Loading project definition for scala 3 project fails when switching from 2.0.0 to 2.0.4 HOT 2
- coverage compilation fails for scala 3 enum extending java Enum HOT 5
- sbt-scoverage plugin installation failing with dependencies HOT 1
- Please release for Scala 2.13.10 HOT 2
- Dependency issue with play framework HOT 1
- coverageReport task fails when using Scala 3.2.0 with -Yexplicit-nulls HOT 2
- version conflicts with plugins play:sbt-plugin or sbt:sbt-site (about scala-xml) HOT 1
- Getting error after upgrading Scala version 2.13.8 -> 2.13.10 HOT 4
- Compilation with the plugin produces warning after updating to 2.x HOT 2
- Binary incompatibility after 1.9.3 when used together with sbt-scalastyle-plugin HOT 1
- No source root found for `'.../library/src/scala/Tuple.scala' (source roots: '.../src/main/scala/')` HOT 2
- Degraded performance after upgrading to v1.8+ HOT 1
- [Question] How to use plugin in an enterprise environment? HOT 4
- Release 8ba258c HOT 4
- NoDenotation error with scala 3.3.0 HOT 4
- NoDenotation error with scala 3.3.0 HOT 3
- Second time coverage gives 0% coverage HOT 1
- Package / file exclusion does not work with Scala 3 HOT 12
- Avoid Thread.sleep during build HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sbt-scoverage.