Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-035.txt