← Back to CVE List
CVE-2017-20189
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt