{"url":"http://public2.vulnerablecode.io/api/packages/56885?format=json","purl":"pkg:maven/org.scala-lang/scala-compiler@2.12.4","type":"maven","namespace":"org.scala-lang","name":"scala-compiler","version":"2.12.4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40383?format=json","vulnerability_id":"VCID-vth7-w72w-skc5","summary":"Incorrect Permission Assignment for Critical Resource\nThe compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.","references":[{"reference_url":"https://github.com/scala/scala/pull/6108","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/scala/scala/pull/6108"},{"reference_url":"https://github.com/scala/scala/pull/6120","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/scala/scala/pull/6120"},{"reference_url":"https://github.com/scala/scala/pull/6128","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/scala/scala/pull/6128"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15288","reference_id":"CVE-2017-15288","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15288"},{"reference_url":"https://github.com/advisories/GHSA-qvxv-pmq9-4q7g","reference_id":"GHSA-qvxv-pmq9-4q7g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qvxv-pmq9-4q7g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56883?format=json","purl":"pkg:maven/org.scala-lang/scala-compiler@2.10.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.scala-lang/scala-compiler@2.10.7"},{"url":"http://public2.vulnerablecode.io/api/packages/56884?format=json","purl":"pkg:maven/org.scala-lang/scala-compiler@2.11.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.scala-lang/scala-compiler@2.11.12"},{"url":"http://public2.vulnerablecode.io/api/packages/56885?format=json","purl":"pkg:maven/org.scala-lang/scala-compiler@2.12.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.scala-lang/scala-compiler@2.12.4"}],"aliases":["CVE-2017-15288","GHSA-qvxv-pmq9-4q7g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vth7-w72w-skc5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.scala-lang/scala-compiler@2.12.4"}