News

CSOonline4mon
Attackers hide malicious code in Hugging Face AI model Pickle files
or in Python terminology: pickling and unpickling. The process of serialization and deserialization, especially of input from untrusted sources, has been the cause of many remote code execution ...
ZDNet6y
Deserialization issues also affect Ruby, not just Java, PHP, and .NET
The Ruby programming language is impacted by a similar "deserialization issue" that has affected and wreaked havoc in the Java ecosystem in 2016; an issue that later also proved to be a problem ...
PC World9y
PayPal is the latest victim of Java deserialization bugs in Web apps
The vulnerability is part of a class of bugs that stem from Java object deserialization and which security researchers have warned about a year ago. In programming languages, serialization is the ...
ZDNet9y
IBM discovers Android serialization vulnerability allows arbitrary code execution
IBM's x-force application security research team has discovered a security vulnerability in the way that Android handles deserialization ... serialization process. "Since the generated vulnerable ...