CWE-502 (Deserialization of Untrusted Data)
GPTKB entity
Statements (24)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:affectedLanguages |
gptkb:Java
gptkb:Python gptkb:Ruby gptkb:.NET PHP |
| gptkbp:category |
Software Weakness
|
| gptkbp:cause |
gptkb:Privilege_Escalation
gptkb:Denial_of_Service Remote Code Execution |
| gptkbp:CWE-URL |
https://cwe.mitre.org/data/definitions/502.html
|
| gptkbp:describes |
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, potentially leading to remote code execution or other attacks.
|
| gptkbp:example |
PHP unserialize() remote code execution
Java deserialization vulnerability in Apache Commons Collections |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-502 (Deserialization of Untrusted Data)
|
| gptkbp:mitigatedBy |
Use safe serialization formats.
Validate and sanitize all serialized data before deserialization. Implement integrity checks such as digital signatures. |
| gptkbp:name |
Deserialization of Untrusted Data
|
| gptkbp:relatedTo |
CVE vulnerabilities involving deserialization
OWASP Top 10 A8:2017-Insecure Deserialization |
| gptkbp:vulnerableTo |
502
|
| gptkbp:bfsParent |
gptkb:Common_Weakness_Enumeration_(CWE)
|
| gptkbp:bfsLayer |
7
|