4.0.1

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-27	CVE-2019-9212	Deserialization of Untrusted Data vulnerability in Antfin Sofa-Hessian SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. network low complexity antfin CWE-502 critical	9.8