Welcome! Please see the About page for a little more info on how this works.

0 votes
in ClojureScript by
edited by

ClojureScript depends on a dated version of com.google.javascript/closure-compiler-unshaded (v20180805), which depends on a version of com.google.protobuf/protobuf-java (3.0.2) with known a vulnerability (CVE-2015-5237).

Logged at https://clojure.atlassian.net/browse/CLJS-3208

1 Answer

0 votes
by

Sidenote: I'm curious about which scanning software revealed the vulnerability

...