88 matches found

OSV
added 2 days ago, 3 views

ROOT-APP-MAVEN-CVE-2024-22871 CVE-2024-22871 in io.root.org.clojure:clojure - Patched by Root

Root has patched CVE-2024-22871 in the io.root.org.clojure:clojure package for Root:Maven. Multiple fixed versions available...

CVSS 7.5, AI score 7.2, EPSS 0.01533
Exploits: 1
OSV
added 2 days ago, 4 views

ROOT-APP-MAVEN-CVE-2017-20189 CVE-2017-20189 in io.root.org.clojure:clojure - Patched by Root

Root has patched CVE-2017-20189 in the io.root.org.clojure:clojure package for Root:Maven. Multiple fixed versions available...

CVSS 9.8, AI score 5.3, EPSS 0.01321
Exploits: 1
OpenVAS
added 2026/04/07 12:00 a.m., 5 views

Ubuntu: Security Advisory (USN-8151-1)

The remote host is missing an update for the...

CVSS 6.1, AI score 5.9, EPSS 0.00553
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-0986

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00553
Exploits: 1, References: 7
Tenable Nessus
added 2025/08/25 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-20189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server...

CVSS 9.8, AI score 8.1, EPSS 0.01321
Exploits: 1, References: 2
RedhatCVE
added 2025/05/23 3:37 a.m., 7 views

CVE-2023-28628

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

CVSS 6.5, AI score 6.5, EPSS 0.00553
Exploits: 1, References: 1
Tenable Nessus
added 2025/03/05 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-22871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn5920 function...

CVSS 7.5, AI score 7.1, EPSS 0.01533
Exploits: 1, References: 3
NVD
added 2024/10/24 9:15 p.m., 11 views

CVE-2024-47879

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

CVSS 8.8, EPSS 0.00389
Exploits: 1, References: 2
Cvelist
added 2024/10/24 8:17 p.m., 16 views

CVE-2024-47879 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

CVSS 7.6, EPSS 0.00389
Exploits: 1, References: 2
Debian CVE
added 2024/10/24 8:17 p.m., 13 views

CVE-2024-47879

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

CVSS 8.8, AI score 5.3, EPSS 0.00389
Exploits: 1
OSV
added 2024/10/24 8:17 p.m., 12 views

CVE-2024-47879 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

CVSS 7.6, AI score 6.8, EPSS 0.00389
Exploits: 1, References: 4
Github Security Blog
added 2024/10/24 5:58 p.m., 9 views

OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)

Summary: Lack of CSRF protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains...

CVSS 8.8, AI score 8.1, EPSS 0.00389
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2024/10/24 5:58 p.m., 5 views

GHSA-3JM4-C6QF-JRH3 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)

Summary: Lack of CSRF protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains...

CVSS 7.6, AI score 6.2, EPSS 0.00389
Exploits: 1, References: 4
BDU FSTEC
added 2024/09/12 12:00 a.m., 2 views

The vulnerability of the Clojure programming language interpreter, related to the deserialization of unreliable data, allows attackers to execute arbitrary code.

The vulnerability of the Clojure programming language interpreter is related to the deserialization of unreliable data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 8.2, EPSS 0.01321
Exploits: 1, References: 5, Affected Software: 2
BDU FSTEC
added 2024/09/12 12:00 a.m., 1 view

The vulnerability of the Clojure programming language interpreter, related to the deserialization of unreliable data, allows attackers to trigger a service failure.

The vulnerability of the Clojure programming language interpreter is related to the deserialization of unreliable data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...

CVSS 9.4, AI score 7.2, EPSS 0.01533
Exploits: 1, References: 4, Affected Software: 2
Redos
added 2024/09/04 12:00 a.m., 10 views

ROS-20240904-10

A vulnerability in the Clojure dynamic programming language is related to the deserialization of untrusted data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 9.8, AI score 7.8, EPSS 0.01533
Exploits: 2
Atlassian
added 2024/08/14 12:24 a.m., 35 views

DoS (Denial of Service) org.clojure:clojure Dependency in Confluence Data Center and Server

This High severity org.clojure:clojure Dependency vulnerability was introduced in versions 6.0.0 of Confluence Data Center and Server. This org.clojure:clojure Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5, AI score 6.7, EPSS 0.01533
Exploits: 1
OSV
added 2024/06/15 12:00 a.m., 8 views

OPENSUSE-SU-2024:10687-1 clojure-1.10.3.855-1.2 on GA media

These are all security issues fixed in the clojure-1.10.3.855-1.2 package on the GA media of openSUSE Tumbleweed...

CVSS 9.1, AI score 6.9, EPSS 0.08691
Exploits: 2, References: 2
OSV
added 2024/06/15 12:00 a.m., 4 views

OPENSUSE-SU-2024:13763-1 clojure-1.11.2.1446-1.1 on GA media

These are all security issues fixed in the clojure-1.11.2.1446-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 7.6, EPSS 0.01533
Exploits: 1, References: 1
Tenable Nessus
added 2024/04/29 12:00 a.m., 9 views

Fedora 40 : clojure (2024-f7745a5990)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f7745a5990 advisory. Security fix for CVE-2024-22871. Update to upstream release 1.11.2. Tenable has extracted the preceding description block directly from the Fedora...

CVSS 7.5, AI score 7.8, EPSS 0.01533
Exploits: 1, References: 2