Critical

Insecure Deserialization

Executing arbitrary code by manipulating serialized objects.

Insecure deserialization occurs when an application deserializes untrusted data without validation. Native serialization formats such as PHP serialize, Java serialization and Python pickle reconstruct arbitrary object types, so a crafted serialized object can cause code to run while it is being deserialized, which can lead to remote code execution (RCE). Prefer simple data-only formats such as JSON for untrusted input and validate the decoded structure.
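As an added example (not code from the Vezraa glossary), the vulnerable pickle loader beside two hardened alternatives: a restricted Unpickler that refuses every global reference, and a JSON loader that validates the decoded shape. The sample record and the date pickle are constructed inputs.

```python
import datetime
import io
import json
import pickle

# Constructed sample inputs (not from the glossary page).
TRUSTED_RECORD = {"user": "alice", "roles": ["viewer"]}
SAMPLE_DATA_PICKLE = pickle.dumps(TRUSTED_RECORD)               # plain containers only
SAMPLE_OBJECT_PICKLE = pickle.dumps(datetime.date(2024, 1, 1))  # carries a GLOBAL reference


def unsafe_load(data: bytes):
    """Vulnerable pattern: pickle.loads rebuilds whatever object the bytes name."""
    return pickle.loads(data)


class RejectGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every module/class lookup.

    Any code that runs during unpickling is reached through a GLOBAL or
    STACK_GLOBAL opcode resolving a callable by name; refusing all of them
    leaves only primitives and plain containers loadable.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing global reference {module}.{name}")


def restricted_loads(data: bytes):
    """Hardened pickle loader for legacy callers that cannot switch formats yet."""
    return RejectGlobalsUnpickler(io.BytesIO(data)).load()


def rejected_by_restricted_loader(data: bytes) -> bool:
    """True when the restricted loader refuses the input."""
    try:
        restricted_loads(data)
        return False
    except pickle.UnpicklingError:
        return True


def load_record_json(text: str) -> dict:
    """Preferred form: JSON carries no type information; then validate the shape."""
    obj = json.loads(text)
    if not isinstance(obj, dict) or not isinstance(obj.get("user"), str):
        raise ValueError("record must be an object with a string 'user'")
    roles = obj.get("roles")
    if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
        raise ValueError("'roles' must be a list of strings")
    return {"user": obj["user"], "roles": roles}
```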


Insecure Deserialization — Security Glossary | Vezraa