SeventhQueen Sweet Date before version 4.0.1 is affected by a deserialization of untrusted data vulnerability that permits object injection attacks. This vulnerability allows an attacker to send crafted serialized data to the application, potentially leading to remote code execution or other severe impacts. The CVSS v3.1 base score is 9.8, indicating a critical severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The vulnerability affects all versions prior to 4.0.1, but no official patch or remediation guidance is currently provided.

Successful exploitation of this vulnerability can result in full compromise of the affected system, including unauthorized disclosure of information, modification of data, and disruption of service. Given the critical CVSS score and the nature of object injection via deserialization, attackers could execute arbitrary code remotely without authentication.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, it is recommended to restrict access to the vulnerable application, implement input validation or filtering where possible, and monitor for suspicious activity related to deserialization. Avoid processing untrusted serialized data.