What Is a Deserialization Attack?
What Is the Impact of Deserialization Vulnerabilities?
What Are the Risks of Insecure Deserialization?
What Is a Deserialization DoS Attack?
How Can We Protect Against Deserialization Vulnerabilities?
How Can We Prevent Deserialization of User-Controllable Data?

A deserialization vulnerability or attack can affect a web application in many ways. Serialization turns an object into a byte stream or text so that it can be stored or sent from one place to another; deserialization rebuilds the object from that data. A deserializer does not know which objects it should accept: it reconstructs whatever the input describes, so an attacker who controls the serialized data can change the object's attributes, add attributes the application never set, or supply an object of a different type than the application expects. The severity depends on the application and on what the rebuilt object is used for, from an overwritten access-control flag to code execution when the deserializer runs class-specific reconstruction logic.
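The following is an added example, not code from the original page, showing the two halves of the point above in Python: a vulnerable loader that rebuilds a client-supplied session object with pickle and trusts its attributes, beside a hardened loader that uses a data-only format (JSON), an allowlist of fields and types, and an HMAC so that tampering is detected before anything is rebuilt. The Session class, the field names, and the key are constructed for the example.

```python
import hashlib
import hmac
import json
import pickle

# Constructed example: a session object the application serializes and hands
# to the client (cookie) or stores in a shared cache.
class Session:
    def __init__(self, user, is_admin=False):
        self.user = user
        self.is_admin = is_admin

# --- Vulnerable path: native deserialization of user-controllable bytes ---

def pickle_dump(session):
    return pickle.dumps(session)

def vulnerable_load(blob):
    # Rebuilds whatever object the byte stream describes. Nothing checks that
    # the attributes (or the class) match what the application issued.
    return pickle.loads(blob)

def forged_admin_blob():
    # Attacker side: a crafted stream that flips is_admin and adds an
    # attribute the application never set. Only the bytes are sent, so the
    # attacker never needs access to the server-side Session class.
    evil = Session("mallory", is_admin=True)
    evil.role = "superuser"
    return pickle.dumps(evil)

# --- Hardened path: data-only format, allowlisted fields, integrity check ---

ALLOWED_FIELDS = {"user": str, "is_admin": bool}

def sign_session(session, key):
    # Serialize only plain data, then append an HMAC over it.
    payload = json.dumps({"user": session.user, "is_admin": session.is_admin},
                         sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"." + tag

def safe_load(blob, key):
    payload, _, tag = blob.rpartition(b".")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    # Verify integrity first, in constant time, before parsing anything.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("session integrity check failed")
    data = json.loads(payload)
    # Reject unknown fields and wrong types; never let the input choose a class.
    if set(data) != set(ALLOWED_FIELDS) or any(
            type(data[k]) is not t for k, t in ALLOWED_FIELDS.items()):
        raise ValueError("unexpected session fields")
    return Session(data["user"], data["is_admin"])

def tamper(blob):
    # Attacker side: edit the JSON without knowing the key; the MAC no longer matches.
    payload, _, tag = blob.rpartition(b".")
    data = json.loads(payload)
    data["is_admin"] = True
    return json.dumps(data, sort_keys=True).encode() + b"." + tag
```

With the vulnerable loader, `vulnerable_load(forged_admin_blob())` yields a session whose `is_admin` is true and which carries a `role` attribute the application never created. With the hardened loader, the same tampering raises `ValueError` at the MAC check, and a forged payload that did carry a valid MAC would still be rejected if it introduced a field outside `ALLOWED_FIELDS`. Note that pickle is worse than the attribute tampering shown here: a crafted stream can name a callable to run during reconstruction, so the fix is to stop deserializing native objects from untrusted input rather than to filter attributes after the fact.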
What Is a Deserialization Attack?