In org.clojure:clojure (1.2.0 - 1.12.0-alpha5), a denial-of-service attack can be triggered through deserialization. By constructing appropriate objects, continuous hashCode calculations can be initiated.
core$partial$fn__5920 is actually obtained by reading the jar file, and I am not very familiar with Clojure. The discovery of this vulnerability was made using a private tool, but due to a lack of knowledge in Clojure.
Serialization Data Generation Script
Clojure DeSerialization Script
This approach affects versions 1.2.0 - 1.12.0.
Links (taken from Eugene Pakhomov):