Severity: Critical
CVSS Score: 9.8
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.