Insecure Deserialization

URI: https://gptkb.org/entity/Insecure_Deserialization

GPTKB entity

Predicate	Object
gptkbp:instanceOf	Security Vulnerability
gptkbp:affects	Software Applications
gptkbp:cause	gptkb:Privilege_Escalation gptkb:Denial_of_Service gptkb:Authentication_Bypass Remote Code Execution Data Tampering
gptkbp:commonIn	.NET Applications Java Applications PHP Applications Python Applications Ruby Applications
gptkbp:describedBy	gptkb:OWASP_Top_Ten gptkb:CWE-502
gptkbp:detects	gptkb:Dynamic_Application_Security_Testing Static Code Analysis Manual Code Review
gptkbp:exploits	Malicious Payloads
gptkbp:firstDescribed	Early 2000s
https://www.w3.org/2000/01/rdf-schema#label	Insecure Deserialization
gptkbp:mitigatedBy	Input Validation Avoiding Native Deserialization Deserialization Whitelisting Integrity Checks
gptkbp:requires	User-supplied Serialized Data
gptkbp:riskFactor	High
gptkbp:bfsParent	gptkb:Software_and_Data_Integrity_Failures
gptkbp:bfsLayer	6