All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.

Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console