News

While the Java and .NET deserialization issues were limited to third-party libraries, having deserialization issues impact Ruby itself greatly increases a hacker's attack surface.
Java Deserialization: Running Faster Than a Bear. Software components that were once good can sour instantly when new vulnerabilities are discovered within them. When that happens, the bears are ...
Basic support was added in #148. Its implementation assumes that all fields of a Java record are present in the JSON. This issue is about improving the deserialization to support absent fields in t ...
Currently deserialization fails with "Failed to create an instance of SomeClass due to (java.lang.IllegalArgumentException): argument type mismatch" in case the field order doesn't match (see this ...
PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor.
Java Deserialization Flaw Patched in 19 Products. Among the most noteworthy aspects of the April CPU is the CVE-2016-1000031 Java flaw that is being patched across 19 Oracle products.