Issue #3368121: unserialize() is insecure unless allowed classes are limited. Use a safe format like JSON or use the allowed_classes option.