The flaw resides in java.io.ObjectInputStream , which fails to check whether an Object that is being deserialized is actually a serializable object. The vulnerability was reported by the researcher to ...

The vulnerability in Ruby's standard template library ERB, registered under CVE-2026-41316 (CERT-Bund: WID-SEC-2026-1187), bypasses the built-in protection against malicious deserialization. Rails ...

Originally released as part of AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day" with gadget chains for Apache Commons Collections (3.x and 4.x), Spring ...

The Singleton pattern ensures that a class has only one instance and provides a global access point to it. At first glance, the implementation looks simple. In reality, writing a production-ready ...

Community driven content discussing all aspects of software development from DevOps to design patterns. In this Java serialization example, we will use both the ObjectOutputStream and the ...

A few weeks ago, a critical vulnerability allowing arbitrary remote code execution on clients and servers (and therefore all connected clients on a server) was discovered in many Minecraft mods. We ...

In 2024, more than 40,000 Common Vulnerabilities and Exposures (CVEs) were created and disclosed for vulnerabilities in open source software. Couple this with our own research indicating that the ...

Recent years have seen numerous injection attacks causing significant damage, including a 2019 SQL injection breach in the Fortnite video game and a 2018 attack on Tesla's systems. Other serious ...

Java has always been criticized for being too verbose. While that criticism is largely unfounded, language architects and community enthusiasts have always strived to make the language simpler and ...

Copying objects is a common Java programming operation that has one serious trap. Here's how to avoid copying from an object reference and only copy the instance and values you want. Copying objects ...