nGrinder prior to 3.5.9 uses old version of SnakeYAML, which could allow remote malicious user to execute arbitrary code via unsafe deserialization.