The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code.
9.8CVSS
9.7AI Score
0.006EPSS
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files.
7.5CVSS
7.5AI Score
0.067EPSS