CVE-2017-15288

Risk Scores

Affected Products

Exploit Intelligence

• https://github.com/scala/scala/pull/6128 (circl)
• https://github.com/scala/scala/pull/6120 (circl)
• https://github.com/scala/scala/pull/6108 (circl)
• GLSA-201812-08 (circl)
• http://scala-lang.org/news/security-update-nov17.html (circl)
• [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar (circl)
• [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities (circl)
• [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities (circl)
• [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities (circl)
• [kafka-dev] 20210211 [jira] [Created] (KAFKA-12325) Update to secure versions of scala libraries due to CVE-2017-15288 (circl)

…and 23 more exploits

Timeline

• Nov 15, 2017 PoC Published
• Nov 15, 2017 CVE Published
• Apr 14, 2021 EPSS Score
• Jun 23, 2021 EPSS Score
• Aug 24, 2021 EPSS Score
• Sep 16, 2021 CVE Updated
• Oct 26, 2021 EPSS Score
• Dec 27, 2021 EPSS Score
• Feb 4, 2022 EPSS Score
• Feb 28, 2022 EPSS Score
• May 2, 2022 EPSS Score
• Sep 5, 2022 EPSS Score

References

• https://ubuntu.com/security/CVE-2017-15288 third-party-advisory
• http://scala-lang.org/news/security-update-nov17.html third-party-advisory
• https://github.com/scala/scala/pull/6108 third-party-advisory
• https://github.com/scala/scala/pull/6120 third-party-advisory
• https://github.com/scala/scala/pull/6128 third-party-advisory
• https://www.cve.org/CVERecord?id=CVE-2017-15288 third-party-advisory