Java Serialization appears to be in use. If not properly validated, an attacker could send a specially crafted object, leading to a dangerous Remote Code Execution. A magic sequence identifying Java Serialized Objects (JSO) has been detected (Base64: rO0AB, Raw: 0xac, 0xed, 0x00, 0x05).
Deserialization of untrusted data is inherently dangerous and should be avoided.