CVE-2018-6331
CRITICAL
Facebook Buck < 2018.06.25.01 - Insecure Deserialization
The Buck parser-cache command loads and saves state using Java serialized objects. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.
References (1)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/facebook/buck/commit/8c5500981812564877bd122c0f8fab48d3528ddf
Scores
CVSS v3: 9.8
EPSS: 0.0089
EPSS Percentile: 75.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-502
Status: published
Products (1)
facebook/buck: < 2018.06.25.01
Published: Dec 31, 2018
Tracked Since: Feb 18, 2026