CWE-502

GPTKB entity

Statements (25)
Predicate Object
gptkbp:instanceOf gptkb:Common_Weakness_Enumeration
gptkbp:affects Applications that deserialize data
gptkbp:category Software Weakness
gptkbp:cause gptkb:Denial_of_Service; gptkb:Security_Bypass; Remote Code Execution
gptkbp:describes Deserialization of data from untrusted sources without proper validation
gptkbp:documentedIn gptkb:MITRE
gptkbp:example gptkb:Java_deserialization_vulnerability; gptkb:Python_pickle_deserialization_vulnerability
gptkbp:externalLink https://cwe.mitre.org/data/definitions/502.html
https://www.w3.org/2000/01/rdf-schema#label CWE-502
gptkbp:mitigatedBy Avoid deserializing data from untrusted sources; Implement integrity checks; Use safe serialization formats; Validate and sanitize all serialized data
gptkbp:name Deserialization of Untrusted Data
gptkbp:partOf gptkb:CWE_Top_25_Most_Dangerous_Software_Weaknesses
gptkbp:relatedTo gptkb:Insecure_Deserialization
gptkbp:vulnerableTo 502
gptkbp:bfsParent gptkb:CWE; gptkb:CVE-2019-2725; gptkb:CVE-2021-44228; gptkb:Insecure_Deserialization
gptkbp:bfsLayer 7