A remote code execution vulnerability in Microsoft SharePoint Server. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. This would enable the attacker to execute code remotely in the SharePoint Server context.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-38023