Apache Flex AMF BlazeDS Java Object Deserialization Remote Code Execution (CVE-2017-5641)

A remote code execution vulnerability exists in Apache Flex BlazeDS. This vulnerability is due to deserialization of untrusted data. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted file to the target system.

You can read the full article here.