apache-geode is vulnerable to deserialization of untrusted data. The vulnerability exists because the serialization filtering is not properly configured for JMX/RMI which allows an attacker to to inject and execute arbitrary code through the untrusted data.