insecure deserialization
Insecure deserialization refers to a vulnerability in software systems where untrusted data that is deserialized (converted from a serialized format into an object) is not properly validated or sanitized, potentially exposing the system to malicious attacks such as remote code execution, unauthorized access, or data manipulation.
Requires login.
Related Concepts (2)
Similar Concepts
- data deserialization
- insecure attachment
- insecure coding practices
- insecure cryptographic storage
- insecure deserialization of files
- insecure direct object references
- insecure file handling
- insecure file permissions
- insecure inter-process communication
- insecure memory access
- insecure temporary file creation
- insecure token storage
- insecurity
- object serialization
- server-side deserialization vulnerabilities