CVE-2017-20189: In Clojure before 1.9.0, classes can be used to construct a serialized ...

Severity: Critical

CVSS Score: 9.8

In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.