Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: facebook

Published: 2018-12-31T23:00:00

Updated: 2024-08-05T06:01:48.362Z

Reserved: 2018-01-26T00:00:00

Link: CVE-2018-6331

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-12-31T23:29:00.237

Modified: 2024-11-21T04:10:29.953

Link: CVE-2018-6331

cve-icon Redhat

No data.