cvedb.io
CVE-2018-6331
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-12-31T23:29:00.237 · Last modified 2026-06-17T02:01:40.410

Summary

Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.

Affected products

facebook — buck

Does this affect you?

Add your gear to cvedb and we'll alert you only when facebook ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.