Which vulnerability class occurs when an application deserializes untrusted data, allowing attackers to execute arbitrary code?