Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.scala-lang/scala-compiler@2.12.4

Type maven

Namespace org.scala-lang

Name scala-compiler

Version 2.12.4

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.10.7

Latest_non_vulnerable_version 2.12.4

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-vth7-w72w-skc5

vulnerability_id VCID-vth7-w72w-skc5

summary

Incorrect Permission Assignment for Critical Resource
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.

references

reference_url	https://github.com/scala/scala/pull/6108
reference_id
reference_type
scores
url	https://github.com/scala/scala/pull/6108

reference_url	https://github.com/scala/scala/pull/6120
reference_id
reference_type
scores
url	https://github.com/scala/scala/pull/6120

reference_url	https://github.com/scala/scala/pull/6128
reference_id
reference_type
scores
url	https://github.com/scala/scala/pull/6128

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-15288
reference_id	CVE-2017-15288
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-15288

reference_url	https://github.com/advisories/GHSA-qvxv-pmq9-4q7g
reference_id	GHSA-qvxv-pmq9-4q7g
reference_type
scores
url	https://github.com/advisories/GHSA-qvxv-pmq9-4q7g

fixed_packages

url	pkg:maven/org.scala-lang/scala-compiler@2.10.7
purl	pkg:maven/org.scala-lang/scala-compiler@2.10.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.scala-lang/scala-compiler@2.10.7

url	pkg:maven/org.scala-lang/scala-compiler@2.11.12
purl	pkg:maven/org.scala-lang/scala-compiler@2.11.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.scala-lang/scala-compiler@2.11.12

url	pkg:maven/org.scala-lang/scala-compiler@2.12.4
purl	pkg:maven/org.scala-lang/scala-compiler@2.12.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.scala-lang/scala-compiler@2.12.4

aliases CVE-2017-15288, GHSA-qvxv-pmq9-4q7g

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vth7-w72w-skc5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.scala-lang/scala-compiler@2.12.4

Package Instance