84 matches found
Ubuntu: Security Advisory (USN-8151-1)
The remote host is missing an update for the...
EUVD-2023-0986
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-20189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server...
CVE-2023-28628
lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...
Linux Distros Unpatched Vulnerability : CVE-2024-22871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn5920 function...
CVE-2024-47879
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...
CVE-2024-47879 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
Summary: Lack of CSRF protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains...
GHSA-3JM4-C6QF-JRH3 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
Summary: Lack of CSRF protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains...
ROS-20240904-10
A vulnerability in the Clojure dynamic programming language is related to the deserialization of untrusted data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
DoS (Denial of Service) org.clojure:clojure Dependency in Confluence Data Center and Server
This High severity org.clojure:clojure Dependency vulnerability was introduced in versions 6.0.0 of Confluence Data Center and Server. This org.clojure:clojure Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
OPENSUSE-SU-2024:13763-1 clojure-1.11.2.1446-1.1 on GA media
These are all security issues fixed in the clojure-1.11.2.1446-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10687-1 clojure-1.10.3.855-1.2 on GA media
These are all security issues fixed in the clojure-1.10.3.855-1.2 package on the GA media of openSUSE Tumbleweed...
Fedora 40 : clojure (2024-f7745a5990)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f7745a5990 advisory. Security fix for CVE-2024-22871. Update to upstream release 1.11.2. Tenable has extracted the preceding description block directly from the Fedora...
Mageia: Security Advisory (MGASA-2024-0093)
The remote host is missing an update for the...
Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.4 has addressed a security vulnerability in Clojure (CVE-2017-20189)
Summary: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.4 has addressed a security vulnerability in Clojure (CVE-2017-20189) by upgrading to a non-vulnerable version. Vulnerability Details: CVEID: CVE-2017-20189 DESCRIPTION: Clojure could allow a remote authenticated attacker to execute...
Updated clojure packages fix security vulnerability
An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn5920 function. CVE-2024-22871...
MGASA-2024-0093 Updated clojure packages fix security vulnerability
An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn5920 function. CVE-2024-22871...