Daschmi DS.DownloadList versions up to 1.3 are affected by a deserialization of untrusted data vulnerability (CVE-2024-50507). This flaw allows an attacker to perform object injection by exploiting unsafe deserialization processes in the DS.DownloadList component. The vulnerability is remotely exploitable without authentication or user interaction and can result in full system compromise, as reflected by the CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No patch or vendor advisory details are currently available, and the product is not a cloud service, so remediation depends on vendor updates.

Successful exploitation of this vulnerability can lead to complete compromise of confidentiality, integrity, and availability of the affected system running DS.DownloadList up to version 1.3. Attackers can remotely execute arbitrary code or inject malicious objects without any privileges or user interaction, posing a critical risk to affected environments.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, avoid exposing DS.DownloadList instances to untrusted networks or inputs that could trigger deserialization. Monitor vendor channels for updates and apply patches promptly once released.