From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID and Name**: - Vulnerability ID: GHSL-2022-085 - Vulnerability Name: Java deserialization leading to RCE in pac4j-core - CVE-2023-25581 2. **Release Date**: - Release Date: February 2, 2023 3. **Reporting and Confirmation Dates**: - Reported: February 2, 2023 - Confirmed: February 14, 2023 4. **Product Name**: - Product Name: pac4j-core 5. **Affected Versions**: - Version: v3.8.3 6. **Issue Description**: - pac4j-core versions prior to 4 are affected by a Java deserialization vulnerability. This vulnerability impacts properties in the UserProfile class of pac4j-core that store externally controlled values. By providing attributes with a special prefix `{#sb64}` followed by Base64-encoded data, the vulnerability can be exploited. 7. **Fix Status**: - Fix Status: A fix has been released in version 4.0. 8. **Impact**: - May lead to Remote Code Execution (RCE). 9. **Resources**: - Related Resources: Insecure deserialization, Ysoserial project. 10. **CVE Number**: - CVE Number: CVE-2023-25581 11. **Reporter**: - Reporter: GHSL team member @artsploit (Michael Stepankin). 12. **Contact Information**: - Contact: Reach out to the GHSL team via securitylab@github.com, including the reference GHSL-2022-085 in your communication. This information provides a detailed description of the vulnerability, including its impact, fix status, and reporter details.