Serialized Object Found
Impact: High
Description
Object serialization lets an application move complex data structures (object graphs, not just primitives) over channels such as HTTP, typically in cookies, hidden form fields, request bodies or custom headers. Wherever a serialized object is sent, the receiving side deserializes it, and native serialization formats (Java serialization, PHP serialize(), Python pickle, Ruby Marshal, .NET BinaryFormatter) reconstruct whatever classes the stream names. If that stream comes from an untrusted source, an attacker can choose the classes and field values, which in the worst case chains into arbitrary command execution on the server; denial of service, authentication bypass and data tampering are other common outcomes. Typical indicators that a parameter carries a serialized object are the Java stream magic bytes 0xACED0005 (base64 prefix "rO0AB"), PHP strings beginning with "O:" or "a:", and the pickle protocol header byte 0x80.
Recommendation
Change the application architecture so that it does not depend on deserializing objects from an untrusted source. If data must cross a trust boundary, use a format that carries only primitive types (for example JSON) and validate it against an explicit schema on receipt. If you must keep native object deserialization, add an integrity check such as an HMAC or digital signature over the serialized bytes, verify it with a constant-time comparison before a single byte reaches the deserializer, and keep the key on the server only. Note that a signature proves where the object came from, not that it is safe: only ever sign objects the application built itself, never structures a client supplied. Finally, log every deserialization error and failed integrity check, and monitor those logs, since a burst of failures is a strong sign that someone is probing the endpoint.
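The following added example (not part of the original page or of any scanner's code) shows the three states the Description and Recommendation sections describe, using Python's pickle as the native format: the vulnerable pattern where a client-supplied object is deserialized directly and runs attacker-chosen code on load, the HMAC-wrapped variant where integrity is verified before pickle.loads is called, and the primitive-only JSON alternative checked against a schema. The attacker object, the secret key, the settings schema and the helper functions are all constructed for this illustration; the side effect is recorded in a list instead of executing a command.

```python
import hashlib
import hmac
import json
import logging
import pickle
import secrets

log = logging.getLogger("deserialization")

# Hypothetical server-side key. A real deployment loads it from a secrets
# store and never exposes it to clients; it is generated here so the example
# runs offline.
SECRET_KEY = secrets.token_bytes(32)
TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

# Everything that executed during deserialization, so the effect is observable.
SIDE_EFFECTS = []


def record_side_effect(message):
    """Stands in for the command execution an attacker would really chain to."""
    SIDE_EFFECTS.append(message)
    return message


class RunsOnLoad:
    """Constructed attacker class. pickle asks __reduce__ how to rebuild the
    object, and pickle.loads() calls whatever callable __reduce__ names."""

    def __reduce__(self):
        return (record_side_effect, ("code ran inside pickle.loads",))


def build_untrusted_blob():
    """What a client can submit once the application accepts serialized objects."""
    return pickle.dumps(RunsOnLoad())


def vulnerable_load(blob):
    """The finding: deserialize whatever arrived. The class graph is attacker-chosen."""
    return pickle.loads(blob)


def sign(blob):
    """Server-side only: prefix the serialized bytes with an HMAC-SHA256 tag."""
    return hmac.new(SECRET_KEY, blob, hashlib.sha256).digest() + blob


def verify_then_load(envelope):
    """Check integrity before any byte reaches the deserializer.
    A bad or missing tag is logged and rejected; pickle.loads is never called."""
    tag, blob = envelope[:TAG_LEN], envelope[TAG_LEN:]
    expected = hmac.new(SECRET_KEY, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        log.warning("rejected serialized object: integrity check failed (%d bytes)", len(envelope))
        raise ValueError("integrity check failed")
    return pickle.loads(blob)


def try_load(envelope):
    """Return (accepted, value) so callers can branch without exception handling."""
    try:
        return True, verify_then_load(envelope)
    except ValueError:
        return False, None


# Primitive-only alternative: JSON plus an explicit schema. Hypothetical fields.
SETTINGS_SCHEMA = {"user_id": int, "theme": str}


def load_settings(text):
    """Accept exactly the expected fields with exactly the expected primitive types.
    type() rather than isinstance() is used so that bool is not accepted as int."""
    data = json.loads(text)
    if not isinstance(data, dict) or set(data) != set(SETTINGS_SCHEMA):
        raise ValueError("unexpected or missing fields")
    for field, expected_type in SETTINGS_SCHEMA.items():
        if type(data[field]) is not expected_type:
            raise ValueError(f"{field} must be {expected_type.__name__}")
    return data


if __name__ == "__main__":
    blob = build_untrusted_blob()
    print("vulnerable:", vulnerable_load(blob), SIDE_EFFECTS)
    print("unsigned blob through the checked path:", try_load(blob))
    print("server-built object round trip:", try_load(sign(pickle.dumps({"user_id": 7}))))
    print("primitives only:", load_settings('{"user_id": 7, "theme": "dark"}'))
```

The unsigned attacker blob is rejected by verify_then_load without ever being unpickled, so the side effect never fires. The same envelope would be accepted if the server signed it, which is why the signature step only helps when the application signs objects it produced itself.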
Last updated on October 10, 2021