DerScanner
Home / Vulnerability Database / Java : Incorrect modifier of serialPersistentFields
Java

Java : Incorrect modifier of serialPersistentFields

Overview

For correct serialization the serialPersistentFields array must be defined with the private, static, and final modifiers.

The Java specification allows developers to determine which fields are to be serialized by specifying them in the serialPersistentFields array. It is required to declare serialPersistentFields as private, static, and final.

References

  1. Java Object Serialization Specification - docs.oracle.com
  2. Serialization - What is the advantage of using ObjectStreamField [] serialPersistentFields? - stackoverflow.com
LOW

DerScanner Severity Score

Do you want to fix Java : Incorrect modifier of serialPersistentFields in your application?

See also

Java

Java : Race condition

Java

Java : Text4Shell Vulnerability

Java

Java : JNI usage