CVE-2024-22871

HIGH

Clojure <1.13 - DoS

Title source: llm

Description

An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.

References (7)

[Exploit] https://hackmd.io/%40fe1w0/rymmJGida

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/

Scores

CVSS v3 7.5

EPSS 0.0060

EPSS Percentile 69.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-502

Status published

Affected Products (13)

clojure/clojure < 1.11.2

clojure/clojure

fedoraproject/fedora

org.clojure/clojure < 1.11.2Maven

Timeline

Published Feb 29, 2024

Tracked Since Feb 18, 2026