In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.
{ "ubuntu_priority": "medium" }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.10.1-1", "binary_name": "clojure" }, { "binary_version": "1.10.1-1", "binary_name": "libclojure-java" } ] }