A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows malicious users to execute arbitrary commands via supplying crafted data.