org.clojure:clojure@1.9.0-beta2 vulnerabilities
-
latest version
1.12.0
-
latest non vulnerable version
-
first published
15 years ago
-
latest version published
3 months ago
-
licenses detected
- [1.0.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.clojure:clojure package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Infinite Loop initiated through deserialization, via the How to fix Infinite Loop? Upgrade |
[1.2.0,1.11.2)
[1.12.0-alpha1,1.12.0-alpha9)
|
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. If a server can deserialize objects from an untrusted source, it is possible to craft a serialized object that runs arbitrary code on deserialization. Note: The attacker would likely need to be in a position with elevated trust in order to pass a malicious payload and the attack depends on conditions that are not entirely under his control. How to fix Deserialization of Untrusted Data? Upgrade |
[1.2.0,1.9.0)
|