VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference=../../../set/set[2] is used, aka an insecure deserialization issue.
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.