In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.clojure:clojure(Maven) | 0 | 1.9.0 | N/A |
CVSS Metrics
