CVE-2017-15288

Published November 15th, 2017

View on NVD ↗

CVSS v3

7.8

HIGH

CVSS v2

7.2

HIGH

Affected

PROJECT

Description

The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.

scala/scala

Scala 2 compiler and standard library. Scala 2 bugs at https://github.com/scala/bug; Scala 3 at https://github.com/scala/scala3

GitHub

14.6K