Config files
Config files : Deserialization of untrusted data
Classification
OWASP Top 10 2013
OWASP Top 10 2017
OWASP Top 10 2021
OWASP MASVS
OWASP ASVS
PCI DSS 4.0
CWE/SANS Top 25 2021
Overview
Deserialization of user-controlled objects can lead to arbitrary code execution on the server.
Deserializing objects from an untrusted data stream is insecure, because an attacker can alter the contents of the stream and make the application execute arbitrary code. Checking the object types after deserialization does not help: the malicious code has already run, because it executes during the deserialization itself.
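The point above, that a type check after deserialization is too late, is easiest to see in code. The following is an added example and is not part of the DerScanner page or its scanner: it contrasts a Python unpickler whose allow-list is enforced inside find_class (that is, while the stream is still being read, before any constructor can run) with a JSON configuration loader that validates keys and types after a parse that, by design, can run no application code. The allow-list, schema and sample inputs are constructed for the example.

```python
import io
import json
import pickle
from datetime import date

# Globals the unpickler may resolve. Anything else is refused *while* the
# stream is being read, before any object constructor can execute.
# (Constructed allow-list for this example; a real one is per application.)
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed (module, name) pairs."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        # Raised during deserialization, not after it.
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def try_restricted_load(data: bytes):
    """Return (True, object) on success or (False, reason) if refused."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Schema for a JSON configuration file: key -> expected Python type.
# JSON has no constructors, so parsing it never runs application code;
# what remains is validating shape and types before the values are used.
CONFIG_SCHEMA = {"port": int, "debug": bool, "hosts": list}


def _is_type(value, expected):
    # bool is a subclass of int in Python; keep true/false out of integer fields.
    if expected is int and isinstance(value, bool):
        return False
    return isinstance(value, expected)


def load_config(text: str) -> dict:
    """Parse a JSON config and reject unknown keys, missing keys or wrong types."""
    obj = json.loads(text)
    if not isinstance(obj, dict):
        raise ValueError("config root must be an object")
    unknown = set(obj) - set(CONFIG_SCHEMA)
    if unknown:
        raise ValueError(f"unknown keys: {sorted(unknown)}")
    for key, expected in CONFIG_SCHEMA.items():
        if key not in obj:
            raise ValueError(f"missing key: {key}")
        if not _is_type(obj[key], expected):
            raise ValueError(f"{key}: expected {expected.__name__}")
    return obj


def config_is_valid(text: str) -> bool:
    """True if the text parses and passes the schema check."""
    try:
        load_config(text)
        return True
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        return False


# Constructed sample inputs (not taken from any real deployment).
SAFE_PICKLE = pickle.dumps({"port": 8080, "debug": False})
# A datetime.date pickle carries a global reference ("datetime", "date").
# It is harmless, but it stands in for any object whose reconstruction the
# allow-list did not explicitly approve: the load is refused before it runs.
UNAPPROVED_PICKLE = pickle.dumps(date(2024, 1, 1))
GOOD_JSON = '{"port": 8080, "debug": false, "hosts": ["a.internal"]}'
BAD_JSON = '{"port": true, "debug": false, "hosts": [], "extra": 1}'

if __name__ == "__main__":
    print(try_restricted_load(SAFE_PICKLE))
    print(try_restricted_load(UNAPPROVED_PICKLE))
    print(load_config(GOOD_JSON))
    print(config_is_valid(BAD_JSON))
```

The plain dict pickle never calls find_class at all, because dicts, strings and numbers are built-in opcodes; only a global reference triggers the gate, which is why the refusal happens before the object exists. For configuration files the simpler answer is usually the second half: use a format with no object construction (JSON here) and validate the result against an explicit schema.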
DerScanner Severity Score: MEDIUM
See also
Config files : Text4Shell Vulnerability
Config files : Incorrect directory deletion
