CVE-2021-36231
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.
Date published : 2021-08-31
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-035.txt