| Property | Value |
|---|---|
| gptkbp:instanceOf | gptkb:Common_Weakness_Enumeration |
| gptkbp:affects | Applications that deserialize data |
| gptkbp:category | Software Weakness |
| gptkbp:cause | gptkb:Denial_of_Service; gptkb:Security_Bypass; Remote Code Execution |
| gptkbp:describes | Deserialization of data from untrusted sources without proper validation |
| gptkbp:documentedIn | gptkb:MITRE |
| gptkbp:example | gptkb:Java_deserialization_vulnerability; gptkb:Python_pickle_deserialization_vulnerability |
| gptkbp:externalLink | https://cwe.mitre.org/data/definitions/502.html |
| https://www.w3.org/2000/01/rdf-schema#label | CWE-502 |
| gptkbp:mitigatedBy | Avoid deserializing data from untrusted sources; Implement integrity checks; Use safe serialization formats; Validate and sanitize all serialized data |
| gptkbp:name | Deserialization of Untrusted Data |
| gptkbp:partOf | gptkb:CWE_Top_25_Most_Dangerous_Software_Weaknesses |
| gptkbp:relatedTo | gptkb:Insecure_Deserialization |
| gptkbp:vulnerableTo | 502 |
| gptkbp:bfsParent | gptkb:CWE; gptkb:CVE-2019-2725; gptkb:CVE-2021-44228; gptkb:Insecure_Deserialization |
| gptkbp:bfsLayer | 7 |