Java Deserialization

1.0Glosarixhttps://glosarix.com/en/Team Glosarixhttps://glosarix.com/en/author/adm_glosarix/Java Deserialization - Glosarixrich600338<blockquote class="wp-embedded-content" data-secret="6Fk7ISXlNy"><a href="https://glosarix.com/en/glossary/java-deserialization-en/">Java Deserialization</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://glosarix.com/en/glossary/java-deserialization-en/embed/#?secret=6Fk7ISXlNy" width="600" height="338" title="“Java Deserialization” — Glosarix" data-secret="6Fk7ISXlNy" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script> /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://glosarix.com/wp-includes/js/wp-embed.min.js </script> Description: Java deserialization is a process that converts a byte stream into a Java object, allowing data to be transferred between different systems or stored persistently. However, this operation can present serious security vulnerabilities, especially when deserializing untrusted data. When an attacker can manipulate the data being deserialized, they can inject malicious code that will […]