Too Long; Didn't Read
Sitecore XP is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. The vulnerability occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized. No authentication or special configuration is required to exploit this vulnerability. The recommended solution is to upgrade to a secure version, ideally a higher version, or higher. The flaw can be mitigated by deleting the.ashx file from “sitecore” on all instances.