An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.
{ "nvd_published_at": "2023-05-16T16:15:10Z", "github_reviewed_at": "2023-05-17T03:48:55Z", "github_reviewed": true, "severity": "CRITICAL", "cwe_ids": [ "CWE-502" ] }