Skip to content

Commit

Permalink
Update known vulnerabilities
Browse files Browse the repository at this point in the history
  • Loading branch information
piotr-yuxuan committed Mar 1, 2024
1 parent 06fca79 commit e21a732
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions doc/known-vulnerabilities.csv
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
DependencyName,DependencyPath,Description,License,Md5,Sha1,Identifiers,CPE,CVE,CWE,Vulnerability,Source,CVSSv2_Severity,CVSSv2_Score,CVSSv2,CVSSv3_BaseSeverity,CVSSv3_BaseScore,CVSSv3,CPE Confidence,Evidence Count,VendorProject,Product,Name,DateAdded,ShortDescription,RequiredAction,DueDate,Notes
clojure-1.12.0-alpha8.jar,/home/runner/.m2/repository/org/clojure/clojure/1.12.0-alpha8/clojure-1.12.0-alpha8.jar,Clojure core environment and runtime library.,Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php,98a5b63b4c1ba4bacefa1047f99a2606,86af583307a8349fb2d332b0938c6308c33b855a,pkg:maven/org.clojure/[email protected],cpe:2.3:a:clojure:clojure:1.12.0:pha8:*:*:*:*:*:*,CVE-2024-22871,CWE-400 Uncontrolled Resource Consumption,An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.,OSSINDEX,,,,HIGH,7.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,HIGH,20,,,,,,,,
core.rrb-vector-0.1.2.jar,/home/runner/.m2/repository/org/clojure/core.rrb-vector/0.1.2/core.rrb-vector-0.1.2.jar,RRB-Trees for Clojure(Script) -- see Bagwell & Rompf,Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php,71316d1ec86fe71e51819402d9a1d6af,0404feea925608b921b56acd11d3b187a0d33fe4,pkg:maven/org.clojure/[email protected],cpe:2.3:a:clojure:clojure:0.1.2:*:*:*:*:*:*:*,CVE-2017-20189,CWE-502 Deserialization of Untrusted Data,"In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.",NVD,,,,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGH,15,,,,,,,,
core.specs.alpha-0.2.62.jar,/home/runner/.m2/repository/org/clojure/core.specs.alpha/0.2.62/core.specs.alpha-0.2.62.jar,Specs for clojure.core,Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php,b1e37e6e8efdade6b7c2a4dd17c0d437,a2a7ea21a695561924bc8506f3feb5d8c8f894d5,pkg:maven/org.clojure/[email protected],cpe:2.3:a:clojure:clojure:0.2.62:*:*:*:*:*:*:*,CVE-2017-20189,CWE-502 Deserialization of Untrusted Data,"In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.",NVD,,,,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGH,17,,,,,,,,
spec.alpha-0.3.218.jar,/home/runner/.m2/repository/org/clojure/spec.alpha/0.3.218/spec.alpha-0.3.218.jar,Specification of data and functions,Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php,ecdbb58e7a95163c1369ef9fa054013d,a7dad492f8d6cf657d82dcd6b31bda0899f1ac0e,pkg:maven/org.clojure/[email protected],cpe:2.3:a:clojure:clojure:0.3.218:*:*:*:*:*:*:*,CVE-2017-20189,CWE-502 Deserialization of Untrusted Data,"In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.",NVD,,,,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGH,26,,,,,,,,
Expand Down

0 comments on commit e21a732

Please sign in to comment.