Headline
GHSA-jgxc-8mwq-9xqw: Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
Critical severity GitHub Reviewed Published Jan 22, 2024 to the GitHub Advisory Database • Updated Jan 22, 2024
ghsa: Latest News
GHSA-ggmv-j932-q89q: Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout