CVE-2017-20189 - Deserialization of Untrusted Data vulnerability in Clojure

047910
CVSS 9.8 - CRITICAL

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, clojure, CWE-502, critical

Summary

In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.

Common Weakness Enumeration (CWE)