In org.clojure:clojure (1.9.0 - 1.12.0) there is an OS command injection reachable through Java deserialization: arbitrary command execution can be achieved by constructing suitable serialized objects.
The latest conclusion is that a PoC generated with a given Clojure version directly achieves command execution against that same version, without needing the fn__5920 anonymous function class; see New Way Clojure.
core$partial$fn__5920 is actually obtained by reading the jar file, and I am not very familiar with Clojure. The vulnerability was discovered using a private tool, but due to a lack of knowledge of Clojure.
Build the PoC by obtaining the anonymous function classes, skipping the version restrictions and without process$start.
Serialization Data Generation Script
Clojure DeSerialization Script
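As a defender-side check, here is an added example that is not part of the original write-up, the linked scripts, or Clojure itself. The deserialization path described above only works when an application feeds attacker-controlled bytes to a plain ObjectInputStream. Java's ObjectInputFilter (JEP 290, available since JDK 9) rejects unexpected classes when their class descriptor is read, before any of their readObject logic executes, so an allowlist that names only the application's own wire classes closes the Clojure-class gadget path regardless of the Clojure version on the classpath. The Message class, the allowlist contents and the two sample payloads are constructed for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Set;

public class SafeDeserialize {

    // The only application class this endpoint expects on the wire (constructed for this example).
    static final class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Message(String text) { this.text = text; }
    }

    // Allowlist by fully qualified class name. Anything not listed, including every
    // clojure.* class and the JDK classes that gadget chains lean on, is rejected.
    private static final Set<String> ALLOWED = Set.of(
            Message.class.getName(),   // "SafeDeserialize$Message"
            String.class.getName());

    static final ObjectInputFilter FILTER = info -> {
        // Resource limits: deep or heavily cross-referenced graphs are a DoS vector on their own.
        if (info.depth() > 10 || info.references() > 1_000) {
            return ObjectInputFilter.Status.REJECTED;
        }
        Class<?> c = info.serialClass();
        if (c == null) {
            // Invoked for array lengths and stream metadata with no class; limits above still apply.
            return ObjectInputFilter.Status.UNDECIDED;
        }
        while (c.isArray()) {
            c = c.getComponentType();   // judge arrays by their element type
        }
        if (c.isPrimitive() || ALLOWED.contains(c.getName())) {
            return ObjectInputFilter.Status.ALLOWED;
        }
        return ObjectInputFilter.Status.REJECTED;
    };

    /** Deserialize untrusted bytes with the allowlist filter attached before readObject(). */
    public static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(FILTER);   // must be set before the first readObject()
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // The expected payload passes the filter.
        Message ok = (Message) readFiltered(serialize(new Message("hello")));
        System.out.println("accepted: " + ok.text);

        // A stand-in for an unexpected class (a harmless ArrayList here) is rejected before
        // any of its readObject code runs, which is the property that defeats gadget chains.
        try {
            readFiltered(serialize(new ArrayList<String>()));
            System.out.println("BUG: unexpected class was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same policy can be applied process-wide without touching application code by starting the JVM with `-Djdk.serialFilter='SafeDeserialize$Message;!*'` (the pattern syntax is documented with ObjectInputFilter.Config), which is the quicker option when the ObjectInputStream lives inside a library rather than in code you control.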