The server deserializes binary payloads and json/xml payload without any checks. This happens when:
- Compatibility mode is on
- Remote listeners with filters
- Remote iteration with filters
- Remote tasks with parameters
- Server is configured with MediaType.APPLICATION_OBJECT
- Potentially with JSON and XML contents sent via REST
The remote endpoints affected are REST, Hot Rod and Memcached.