Deserialization of Untrusted Data
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-502: Deserialization of Untrusted Data |
| OWASP | A08:2017 - Insecure Deserialization |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description#
The code is deserializing data from the event object using methods like Marshal.load, YAML.load, or CSV.load. Deserializing untrusted user input in this way is unsafe and can let attackers execute malicious code.
Impact#
If exploited, an attacker could run arbitrary code on your server, gain unauthorized access to sensitive data, or take control of the application. This could lead to data breaches, system compromise, or full takeover of your application infrastructure.