The compilation daemon in Scala prior to 2.10.7, 2.11.x prior to 2.11.12, and 2.12.x prior to 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
scala-lang scala |