Hello GeoServer Team,
I'd like to report to you a remote code execution vulnerability.
I found it during a penetration test for a customer this week.
The attached requests execute "/usr/bin/xterm" on the target.
The problem is that your REST implementation is using XStream, which is configured in an insecure way.
Please let me know if you have any questions.
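
The following is an added example, not part of the report and not GeoServer's code. It shows one way to restrict XStream deserialization to an explicit type allowlist using XStream's security permission API. The `LayerInfo` class, the `layer` alias and the sample XML are hypothetical and constructed for illustration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistExample {

    // Hypothetical DTO standing in for the body of a REST resource.
    public static class LayerInfo {
        public String name;
        public boolean enabled;
    }

    // Build an XStream instance that refuses every type except the ones
    // this endpoint is expected to receive.
    static XStream hardened() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);              // deny all types first
        xs.addPermission(NullPermission.NULL);                // then allow null
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // primitives and wrappers
        xs.allowTypes(new Class[] { String.class, LayerInfo.class });
        xs.alias("layer", LayerInfo.class);
        return xs;
    }

    // Returns true if the document deserialized, false if XStream refused it.
    static boolean accepts(XStream xs, String xml) {
        try {
            xs.fromXML(xml);
            return true;
        } catch (XStreamException e) {
            // Types outside the allowlist surface as ForbiddenClassException,
            // a subclass of XStreamException.
            System.out.println("rejected: " + e.getClass().getSimpleName());
            return false;
        }
    }

    public static void main(String[] args) {
        XStream xs = hardened();
        // Constructed input: the expected resource type.
        String expected = "<layer><name>roads</name><enabled>true</enabled></layer>";
        // Constructed input: a harmless type that is not on the allowlist.
        String unexpected = "<list/>";
        System.out.println("expected type accepted: " + accepts(xs, expected));
        System.out.println("unlisted type accepted: " + accepts(xs, unexpected));
    }
}
```

With the allowlist in place, the root element of a request body can only resolve to a type the endpoint explicitly permits; any other class name in the XML is refused before a converter runs.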