[GHSA-vr64-r9qj-h27f] org.clojure:clojure@1.10.3: Deserialization infinite loop

## Vulnerability Details

- **Advisory:** [GHSA-vr64-r9qj-h27f](https://github.com/advisories/GHSA-vr64-r9qj-h27f)
- **Package:** `org.clojure:clojure`
- **Current Version:** 1.10.3
- **Fixed Version:** 1.12.0
- **Severity:** Reading specially crafted serializable objects from an untrusted source may cause an infinite loop

## Description

The current `deps.edn` declares a dependency on `org.clojure/clojure` version `1.10.3`, which is affected by GHSA-vr64-r9qj-h27f. This vulnerability allows an attacker to cause an infinite loop by providing specially crafted serializable objects to be read from an untrusted source.

## Recommended Fix

Bump `org.clojure/clojure` from `1.10.3` to `1.12.0` (latest stable release) in `deps.edn`.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GHSA-vr64-r9qj-h27f] org.clojure:clojure@1.10.3: Deserialization infinite loop #8

Vulnerability Details

Description

Recommended Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[GHSA-vr64-r9qj-h27f] org.clojure:clojure@1.10.3: Deserialization infinite loop #8

Description

Vulnerability Details

Description

Recommended Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions