hessian is remote code execution (RCE) vulnerability. It misses the blacklisting of Resin Gadget due to improper handling of com.caucho.naming.QName
and com.sun.org.apache.xpath.internal.objects.XString
when the attacker sends malicious serialized Hessian object.