Name of the Vulnerable Software and Affected Versions: symbiote/silverstripe-multivaluefield (affected versions not specified)

Description: A potential deserialisation issue has been identified, which could allow an attacker to exploit implementations of this module via object injection. Additionally, a potential cross-site scripting (XSS) issue was found and addressed. The module previously supported handling PHP objects as values, but this support has been deprecated in favor of using JSON for handling arrays.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.