Deserialization of Untrusted Data
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-502: Deserialization of Untrusted Data |
| OWASP | A08:2017 - Insecure Deserialization |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | High |
Description
User-supplied data is being deserialized using functions from insecure libraries such as 'node-serialize' or 'serialize-to-js', which can reconstruct executable functions from the serialized input. This allows an attacker to send specially crafted input that executes malicious code as soon as it is deserialized.
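As an added example (not code from the original page or from the libraries named above), here is the vulnerable pattern beside a hardened replacement: the untrusted payload is parsed with JSON.parse, which never instantiates functions, and the result is checked field by field against an allowlist. The profile fields, limits and the cookie source are assumed for illustration.

```javascript
// Vulnerable pattern described by the finding (comment only, not executed):
//   const serialize = require("node-serialize");
//   const profile = serialize.unserialize(req.cookies.profile); // may run code
// Hardened replacement: JSON.parse creates only plain data, and every field is
// validated against an allowlist before it is used.

const MAX_BYTES = 4096; // assumed upper bound for a profile payload

// Allowlisted profile shape (assumed for illustration). A Map avoids accidental
// matches against inherited Object.prototype keys such as "toString".
const PROFILE_SCHEMA = new Map([
  ["username", (v) => typeof v === "string" && /^[a-z0-9_]{1,32}$/.test(v)],
  ["theme", (v) => v === "light" || v === "dark"],
  ["itemsPerPage", (v) => Number.isInteger(v) && v >= 5 && v <= 100],
]);

// Reviver runs on every key during parsing and rejects prototype-polluting names.
function safeReviver(key, value) {
  if (key === "__proto__" || key === "constructor" || key === "prototype") {
    throw new Error(`forbidden key: ${key}`);
  }
  return value;
}

// Parses untrusted input into a fresh object holding only allowlisted fields.
// Throws on anything unexpected so the caller fails closed.
function parseUntrustedProfile(raw) {
  if (typeof raw !== "string" || raw.length > MAX_BYTES) {
    throw new Error("profile payload missing or too large");
  }
  let data;
  try {
    data = JSON.parse(raw, safeReviver);
  } catch (e) {
    throw new Error(`invalid profile JSON: ${e.message}`);
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    throw new Error("profile must be a JSON object");
  }
  const profile = {};
  for (const key of Object.keys(data)) {
    const check = PROFILE_SCHEMA.get(key);
    if (check === undefined) throw new Error(`unexpected field: ${key}`);
    if (!check(data[key])) throw new Error(`invalid value for field: ${key}`);
    profile[key] = data[key];
  }
  return profile;
}
```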
Impact
If exploited, an attacker could run arbitrary code on your server, potentially leading to full system compromise, data theft, or service disruption. This can result in severe security breaches and loss of trust in your application.