Orion has published a networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE).
Chief among them is a JSON de-serialization vulnerability that allows an authenticated user to execute arbitrary code. It has been rated critical in severity.
CVE-2020-35856 - CVE-2021-3109
