Deserialization of Untrusted Data
| Property | |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-502: Deserialization of Untrusted Data |
| OWASP | A08:2017 - Insecure Deserialization |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
FsPickler writes type information into its output and, with its default serializers (the binary one from `FsPickler.CreateBinarySerializer()` as well as the XML and JSON variants), instantiates the types the stream names while reading it back. Wherever the declared type does not pin down the concrete one (`object`, interfaces, abstract or non-sealed classes, and any field or element of such a type inside the graph), the input decides which type gets created, so an attacker who controls the bytes chooses it. FsPickler also honours `ISerializable`, the same mechanism that made `BinaryFormatter` gadget chains possible, so a crafted payload can run attacker-chosen code during deserialization rather than merely producing a malformed object. The library is meant for exchanging data between trusted components; handing it bytes from a client or any other party outside your trust boundary is what this rule flags. A type-name filter (FsPickler's `ITypeNameConverter` hook) narrows the exposure but does not turn the library into a safe parser for hostile input.
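The following is an added C# example, not code from the original page or from FsPickler itself. It shows the flagged pattern (client bytes straight into the default binary serializer) next to two ways out: authenticating the payload with an HMAC before it reaches FsPickler when the producer is a trusted peer, and replacing FsPickler with a data-only JSON format for client-facing endpoints. `OrderRequest`, the handler names and the shared key are hypothetical; the key is assumed to come from configuration and to be unknown to clients.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text.Json;
using MBrace.FsPickler;   // NuGet package: FsPickler

// Hypothetical request DTO used by the handlers below.
public sealed class OrderRequest
{
    public string Sku { get; set; } = "";
    public int Quantity { get; set; }
}

public static class OrderHandlers
{
    // VULNERABLE (the pattern this rule flags): bytes received from a client
    // are passed to FsPickler's default binary serializer. Any polymorphic
    // slot in the pickle names the type to instantiate, so the attacker, not
    // the generic argument, decides what gets constructed.
    public static OrderRequest ParseUntrustedPickle(byte[] body)
    {
        var serializer = FsPickler.CreateBinarySerializer();
        return serializer.UnPickle<OrderRequest>(body);
    }

    // SAFER OPTION 1: keep FsPickler, but only for payloads produced by a
    // trusted peer. Verify an HMAC over the pickle first; a forged or
    // tampered payload is rejected before the deserializer sees it.
    public static OrderRequest ParseAuthenticatedPickle(byte[] envelope, byte[] sharedKey)
    {
        const int TagLength = 32;   // HMAC-SHA256 output size
        if (envelope.Length <= TagLength)
            throw new InvalidDataException("envelope too short");

        var tag = envelope.AsSpan(0, TagLength);
        var pickle = envelope.AsSpan(TagLength);

        var expected = HMACSHA256.HashData(sharedKey, pickle);
        if (!CryptographicOperations.FixedTimeEquals(tag, expected))
            throw new CryptographicException("payload authentication failed");

        var serializer = FsPickler.CreateBinarySerializer();
        return serializer.UnPickle<OrderRequest>(pickle.ToArray());
    }

    // Producer side for option 1: envelope = tag || pickle, built by the
    // trusted peer that holds the same shared key.
    public static byte[] SealPickle(OrderRequest request, byte[] sharedKey)
    {
        var pickle = FsPickler.CreateBinarySerializer().Pickle(request);
        var tag = HMACSHA256.HashData(sharedKey, pickle);
        var envelope = new byte[tag.Length + pickle.Length];
        tag.CopyTo(envelope, 0);
        pickle.CopyTo(envelope, tag.Length);
        return envelope;
    }

    // SAFER OPTION 2 (preferred for anything client-facing): use a format
    // that carries data only. System.Text.Json maps the document onto the
    // concrete OrderRequest class; nothing in the input can select another
    // type. The fields are then validated like any other untrusted input.
    public static OrderRequest ParseUntrustedJson(byte[] body)
    {
        var options = new JsonSerializerOptions
        {
            PropertyNameCaseInsensitive = true,
            MaxDepth = 16,   // tighten the default of 64 against nesting attacks
        };
        var request = JsonSerializer.Deserialize<OrderRequest>(body, options)
                      ?? throw new InvalidDataException("empty body");

        if (string.IsNullOrWhiteSpace(request.Sku) || request.Sku.Length > 64)
            throw new InvalidDataException("invalid sku");
        if (request.Quantity <= 0 || request.Quantity > 10_000)
            throw new InvalidDataException("invalid quantity");
        return request;
    }
}
```

Option 1 only moves the trust decision to key management: anyone holding `sharedKey` can still feed FsPickler arbitrary object graphs, so it is appropriate between services you operate, not for browsers or third parties. Option 2 is the fix to reach for when the bytes come from outside.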
Impact
A successful exploit typically gives the attacker code execution in the deserializing process, with that process's identity and network position. From there they can read or alter any data the service can reach, escalate privileges on the host, and pivot further into your infrastructure, which can end in full system compromise or a data breach. Even where no usable code-execution gadget is present, letting untrusted input dictate the object graph allows denial of service through deeply nested or oversized payloads.