A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-33420
https://github.com/…