Lucene search

Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization

🗓️ 22 Jan 2024 06:32:30Reported by GoogleType

osv🔗 osv.dev👁 12 Views

Insecure deserialization in Clojure 1.9.

Reporter	Title	Published	Views	Family All 12
OSV	CVE-2017-20189	22 Jan 202406:15	–	osv
CVE	CVE-2017-20189	22 Jan 202406:15	–	cve
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.4 has addressed a security vulnerability in Clojure (CVE-2017-20189)	28 Mar 202414:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	27 Jun 202422:37	–	ibm
UbuntuCve	CVE-2017-20189	22 Jan 202400:00	–	ubuntucve
Github Security Blog	Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization	22 Jan 202406:30	–	github
Veracode	Arbitrary Code Execution	24 Jan 202412:53	–	veracode
Cvelist	CVE-2017-20189	22 Jan 202400:00	–	cvelist
NVD	CVE-2017-20189	22 Jan 202406:15	–	nvd
Prion	Deserialization of untrusted data	22 Jan 202406:15	–	prion

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-20189
github	www.github.com/frohoff/ysoserial/pull/68/files
github	www.github.com/clojure/clojure/commit/271674c9b484d798484d134a5ac40a6df15d3ac3
clojure	www.clojure.atlassian.net/browse/CLJ-2204
github	www.github.com/clojure/clojure
groups	www.groups.google.com/d/msg/clojure/WaL3hHzsevI/7zHU-L7LBQAJ
hackmd	www.hackmd.io/%40fe1w0/HyefvRQKp
security	www.security.snyk.io/vuln/SNYK-JAVA-ORGCLOJURE-5740378

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Jan 2024 06:30Current

7.3High risk

Vulners AI Score7.3

CVSS39.8

EPSS0.00169