slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...