CVE-2017-20189

Publication date

2024-01-22 00:00:00

Family

mitre

State

PUBLISHED

Description

In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.