admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-201xx/CVE-2017-20189.json

112 lines
2.9 KiB
JSON
Raw Normal View History

Auto-Update: 2024-01-22T07:00:24.465481+00:00
2024-01-22 07:00:28 +00:00
{
"id": "CVE-2017-20189",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T06:15:07.563",
Auto-Update: 2024-01-31T00:55:25.206071+00:00
2024-01-31 00:55:28 +00:00
"lastModified": "2024-01-30T23:01:53.763",
"vulnStatus": "Analyzed",
Auto-Update: 2024-01-22T07:00:24.465481+00:00
2024-01-22 07:00:28 +00:00
"descriptions": [
{
"lang": "en",
"value": "In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects."
Auto-Update: 2024-01-22T15:00:25.373801+00:00
2024-01-22 15:00:29 +00:00
},
{
"lang": "es",
"value": "En Clojure anterior a 1.9.0, las clases se pueden usar para construir un objeto serializado que ejecuta c\u00f3digo arbitrario tras la deserializaci\u00f3n. Esto es relevante si un servidor deserializa objetos que no son de confianza."
Auto-Update: 2024-01-22T07:00:24.465481+00:00
2024-01-22 07:00:28 +00:00
}
],
Auto-Update: 2024-01-31T00:55:25.206071+00:00
2024-01-31 00:55:28 +00:00
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clojure:clojure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "BF6C5ABE-97CB-400C-880A-453F5CA13383"
}
]
}
]
}
],
Auto-Update: 2024-01-22T07:00:24.465481+00:00
2024-01-22 07:00:28 +00:00
"references": [
{
"url": "https://clojure.atlassian.net/browse/CLJ-2204",
Auto-Update: 2024-01-31T00:55:25.206071+00:00
2024-01-31 00:55:28 +00:00
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
Auto-Update: 2024-01-22T07:00:24.465481+00:00
2024-01-22 07:00:28 +00:00
},
{
"url": "https://github.com/clojure/clojure/commit/271674c9b484d798484d134a5ac40a6df15d3ac3",
Auto-Update: 2024-01-31T00:55:25.206071+00:00
2024-01-31 00:55:28 +00:00
"source": "cve@mitre.org",
"tags": [
"Patch"
]
Auto-Update: 2024-01-22T07:00:24.465481+00:00
2024-01-22 07:00:28 +00:00
},
{
"url": "https://github.com/frohoff/ysoserial/pull/68/files",
Auto-Update: 2024-01-31T00:55:25.206071+00:00
2024-01-31 00:55:28 +00:00
"source": "cve@mitre.org",
"tags": [
"Patch"
]
Auto-Update: 2024-01-22T07:00:24.465481+00:00
2024-01-22 07:00:28 +00:00
},
{
"url": "https://hackmd.io/%40fe1w0/HyefvRQKp",
Auto-Update: 2024-01-31T00:55:25.206071+00:00
2024-01-31 00:55:28 +00:00
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
Auto-Update: 2024-01-22T07:00:24.465481+00:00
2024-01-22 07:00:28 +00:00
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGCLOJURE-5740378",
Auto-Update: 2024-01-31T00:55:25.206071+00:00
2024-01-31 00:55:28 +00:00
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
Auto-Update: 2024-01-22T07:00:24.465481+00:00
2024-01-22 07:00:28 +00:00
}
]
}
Reference in New Issue Copy Permalink