Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.
View the template here CVE-2023-0669.yaml
References:
https://infosec.exchange/@briankrebs/109795710941843934