Share your thoughts in the 2024 State of Clojure Survey!

Welcome! Please see the About page for a little more info on how this works.

+1 vote
in ClojureScript by
edited by

ClojureScript depends on a dated version of com.google.javascript/closure-compiler-unshaded (v20180805), which depends on a version of com.google.protobuf/protobuf-java (3.0.2) with known a vulnerability (CVE-2015-5237).

Logged at https://clojure.atlassian.net/browse/CLJS-3208

2 Answers

0 votes
by
 
Best answer

Fixed in ClojureScript >= 1.10.741

0 votes
by

Sidenote: I'm curious about which scanning software revealed the vulnerability

...