Note:
This project will be discontinued after December 13, 2021. [more]
2019-05-31
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
| Products | Godot |
| Type | Deserialization of Untrusted Data (CWE-502) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://github.com/godotengine/godot/pull/27398
• https://godotengine.org/news |