Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution:An XML deserialization vulnerability was discovered in slf4j#039;s EventData which accepts anXML serialized string and can lead to arbitrary code execution