ignite-core is vulnerable to remote code execution (RCE) attacks. The library does not restrict the types of classes that can be serialized or deserialized, allowing a malicious user to pass a serialized class to the GridClientJdkMarshaller
endpoint to inject and execute arbitrary code.