CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
13.2%
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip
allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorized_keys
. Within sbt’s main code, IO.unzip
is used in pullRemoteCache
task and Resolvers.remote
; however many projects use IO.unzip(...)
directly to implement custom tasks. This vulnerability has been patched in version 1.9.7.
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
13.2%