Insecure Deserialization

GPTKB entity

Statements (28)
Predicate                                          Object
gptkbp:instanceOf                                  Security Vulnerability
gptkbp:affects                                     Software Applications
gptkbp:cause                                       gptkb:Privilege_Escalation
                                                   gptkb:Denial_of_Service
                                                   gptkb:Authentication_Bypass
                                                   Remote Code Execution
                                                   Data Tampering
gptkbp:commonIn                                    .NET Applications
                                                   Java Applications
                                                   PHP Applications
                                                   Python Applications
                                                   Ruby Applications
gptkbp:describedBy                                 gptkb:OWASP_Top_Ten
                                                   gptkb:CWE-502
gptkbp:detects                                     gptkb:Dynamic_Application_Security_Testing
                                                   Static Code Analysis
                                                   Manual Code Review
gptkbp:exploits                                    Malicious Payloads
gptkbp:firstDescribed                              Early 2000s
https://www.w3.org/2000/01/rdf-schema#label        Insecure Deserialization
gptkbp:mitigatedBy                                 Input Validation
                                                   Avoiding Native Deserialization
                                                   Deserialization Whitelisting
                                                   Integrity Checks
gptkbp:requires                                    User-supplied Serialized Data
gptkbp:riskFactor                                  High
gptkbp:bfsParent                                   gptkb:Software_and_Data_Integrity_Failures
gptkbp:bfsLayer                                    6