Alvaro Muñoz and Christian Schneider discovered that BeanShell, an
embeddable Java source interpreter, could be leveraged to execute
arbitrary commands: applications including BeanShell in their
classpath are vulnerable to this flaw if they deserialize data from an
untrusted source.