It was discovered that the MySQL Connector/J client could deserialize certain database contents, regardless of the “autoDeserialize” option. If the client processes data received from an untrusted or compromised database server, a remote attacker could exploit this flaw to cause remote code execution.