Insecure deserialization
Description
The system deserializes objects without first validating their content nor casting them to a specific type.
Impact
Enable to control the application execution flow.
Recommendation
Validate the incoming serialized objects and only deserialize them if they meet expected properties.
Threat
Authenticated attacker from the Internet.
Expected Remediation Time
⏱️ 30 minutes.
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
H
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
N
Integrity (VI)
L
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P