Description

The system deserializes objects without first validating their content or casting them to a specific expected type.

Impact

Allows an attacker to control the application's execution flow.

Recommendation

Validate the incoming serialized objects and only deserialize them if they meet expected properties.
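Added example, not part of the original entry, showing the recommendation applied to Python's pickle format: globals are resolved only for the single expected class, the result is cast to that type, and its fields are validated before use. The Session class, the allowed roles and the sample byte strings are assumptions constructed for this example.

```python
import io
import pickle
from collections import OrderedDict
from dataclasses import dataclass

@dataclass
class Session:
    """The one type this endpoint is designed to receive (assumed for the example)."""
    user_id: int
    role: str

class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global except the expected class, before any object is built."""
    def find_class(self, module: str, name: str):
        if module == Session.__module__ and name == Session.__name__:
            return Session
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")

def unsafe_load(data: bytes):
    # Vulnerable pattern: whatever class the bytes name gets instantiated.
    return pickle.loads(data)

def safe_load(data: bytes) -> Session:
    obj = RestrictedUnpickler(io.BytesIO(data)).load()
    if not isinstance(obj, Session):                          # cast to the specific type
        raise TypeError(f"expected Session, got {type(obj).__name__}")
    if not isinstance(obj.user_id, int) or obj.user_id <= 0:  # validate content
        raise ValueError("user_id must be a positive int")
    if obj.role not in ("user", "admin"):
        raise ValueError(f"unexpected role {obj.role!r}")
    return obj

def check(data: bytes) -> str:
    """Summarise the outcome of safe_load so behaviour is easy to assert on."""
    try:
        s = safe_load(data)
        return f"accepted:{s.user_id}:{s.role}"
    except (pickle.UnpicklingError, TypeError, ValueError) as exc:
        return f"rejected:{type(exc).__name__}"

# Constructed inputs: a well-formed object, an object of a type the endpoint never
# expects (stands in for any unexpected class), and one with invalid content.
SAMPLE_VALID = pickle.dumps(Session(7, "user"))
SAMPLE_FOREIGN = pickle.dumps(OrderedDict(user_id=7, role="user"))
SAMPLE_BAD_ROLE = pickle.dumps(Session(7, "root"))

if __name__ == "__main__":
    for label, blob in [("valid", SAMPLE_VALID), ("foreign", SAMPLE_FOREIGN), ("bad role", SAMPLE_BAD_ROLE)]:
        print(label, check(blob))
```

Note that unsafe_load would happily rebuild the OrderedDict (or any other class named in the bytes), which is exactly the behaviour the recommendation above removes.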

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.