For example, in July this year, a critical vulnerability (CVE-2021-35464) in ForgeRock’s OpenAM stemmed from unsafe Java deserialization in the Jato framework used by the application.

Oracle's latest Critical Patch Update, the first of 2017, left Java security maven and Waratek CTO John Matthew Holt scratching his head about Big O's fix for a particular vulnerability: CVE 2017-3241 ...

"The Java deserialization vulnerability in Apache Commons Collections is an interesting example of an open-source, third-party component vulnerability, because it went from unknown to critical and ...

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor.

A Java serialization vulnerability disclosed more than a year ago figured to have a long shelf life. It lived in popular Java application development frameworks such as Apache Commons Collections ...

Deserialization, in turn, is the reverse process: That’s the mechanism whereby the byte stream is used to recreate the actual Java object in memory, used to persist the object.