Insecure Deserialization

Vulnerability Details

Severity:

Critical

Category:

web

Description

The application deserializes untrusted data without proper validation, allowing attackers to manipulate serialized objects to achieve malicious outcomes.

Risks

Successful exploitation could lead to remote code execution, privilege escalation, injection attacks, or denial of service.

Remediation

Avoid deserializing data from untrusted sources. Implement integrity checks on serialized objects. Use language-specific security controls. Consider using safer data formats like JSON.
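As an added illustration of the remediation above (not code from the original entry), the Python sketch below contrasts a loader that unpickles untrusted bytes with one that uses JSON plus an HMAC integrity tag checked before parsing; the key and the sample record are constructed placeholders.

```python
import hashlib
import hmac
import json
import pickle

# Constructed placeholder; a real key comes from a secret store, never source.
SECRET_KEY = b"demo-only-key-replace-me"


def load_untrusted_pickle(blob: bytes):
    """Vulnerable pattern from the Description: pickle reconstructs arbitrary
    objects (and can invoke callables) from the stream, so attacker-controlled
    bytes here are a remote-code-execution risk. Kept only as the 'before'."""
    return pickle.loads(blob)


def serialize_signed(obj) -> bytes:
    """Safer format (JSON carries data, not executable state) plus an
    HMAC-SHA256 tag so any modification is detectable before parsing."""
    body = json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(SECRET_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def deserialize_verified(blob: bytes):
    """Integrity check first, parse second. Constant-time comparison avoids
    leaking the tag byte by byte. Raises ValueError on tampering or junk."""
    body, sep, tag = blob.rpartition(b".")
    if not sep:
        raise ValueError("malformed blob: no integrity tag")
    expected = hmac.new(SECRET_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed; refusing to parse")
    return json.loads(body)


def accepts(blob: bytes) -> bool:
    """True only if the blob passes verification and parses cleanly."""
    try:
        deserialize_verified(blob)
        return True
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        return False
```

A tag-only scheme like this detects tampering but does not hide the contents; use authenticated encryption if the serialized data is also confidential.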