Maven package
org.clojure/clojure
pkg:maven/org.clojure/clojure
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-22871 | — | >= 1.7.0, < 1.11.2 | 1.11.2 | Feb 29, 2024 | An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function. | ||
| CVE-2017-20189 | — | < 1.9.0 | 1.9.0 | Jan 22, 2024 | In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects. |
- CVE-2024-22871Feb 29, 2024affected >= 1.7.0, < 1.11.2fixed 1.11.2
An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.
- CVE-2017-20189Jan 22, 2024affected < 1.9.0fixed 1.9.0
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.