Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: facebook
Published: 2018-12-31T23:00:00
Updated: 2024-08-05T06:01:48.362Z
Reserved: 2018-01-26T00:00:00
Link: CVE-2018-6331
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-12-31T23:29:00.237
Modified: 2024-11-21T04:10:29.953
Link: CVE-2018-6331
Redhat
No data.