Description

Serialization is the process of turning an object into a data format that can be restored later. Objects are commonly serialized in order to save them to storage or to send them as part of a communication. Deserialization is the reverse of that process: taking data structured in some format and rebuilding it into an object.

It was determined that your web application performs JSON deserialization of user-supplied data using the Json-io library with support for Polymorphic Type Handling. Arbitrary JSON deserialization using Json-io is inherently unsafe, and should never be performed on untrusted data. Consult the Web references section for more information about this issue.

Remediation

JSON Deserialization using Json-io should not be performed on user-supplied data.
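The following is an added example, not code from this finding or from the Json-io project, showing the pattern the Description refers to next to the pattern the Remediation calls for. It assumes json-io 4.x (`com.cedarsoftware.util.io.JsonReader`), where the class to instantiate is taken from an `@type` field inside the document, and the standard JSON-P API (`javax.json`) for the remediated version; the `Order` DTO, field names and request body are constructed for illustration.

```java
import java.io.StringReader;

// Added example, not from the scanner finding or the Json-io project.
// Assumes json-io 4.x and the javax.json (JSON-P) API are on the classpath.
public class OrderIntake {

    // Constructed request body: an ordinary-looking order document.
    static final String UNTRUSTED_BODY = "{\"product\":\"widget\",\"quantity\":3}";

    // ---- Vulnerable pattern (what the finding describes) ----------------------
    // json-io's polymorphic type handling reads the target class from an "@type"
    // member of the JSON itself, so the sender of the document, not the server,
    // decides which Java class is constructed. With user-supplied input, the
    // resulting object graph is under the client's control.
    static Object deserializeUnsafe(String body) {
        return com.cedarsoftware.util.io.JsonReader.jsonToJava(body);
    }

    // ---- Remediated pattern ------------------------------------------------
    // Untrusted input never reaches json-io. It is parsed as plain data by a
    // parser with no type-handling feature, then copied field by field into a
    // fixed DTO that the server chose. Unexpected members, "@type" included,
    // are simply never read.
    static final class Order {
        final String product;
        final int quantity;

        Order(String product, int quantity) {
            this.product = product;
            this.quantity = quantity;
        }
    }

    static Order deserializeSafe(String body) {
        javax.json.JsonObject obj;
        try (javax.json.JsonReader reader =
                     javax.json.Json.createReader(new StringReader(body))) {
            obj = reader.readObject();   // throws JsonException on malformed input
        }
        // Explicit allow-list of the fields this endpoint expects.
        if (!obj.containsKey("product") || !obj.containsKey("quantity")) {
            throw new IllegalArgumentException("missing required field");
        }
        String product = obj.getString("product");  // ClassCastException if not a string
        int quantity = obj.getInt("quantity");      // ClassCastException if not a number
        // Range checks belong here too; the parser only guarantees well-formed JSON.
        if (product.isEmpty() || product.length() > 64 || quantity < 1 || quantity > 1000) {
            throw new IllegalArgumentException("order out of range");
        }
        return new Order(product, quantity);
    }

    public static void main(String[] args) {
        Order order = deserializeSafe(UNTRUSTED_BODY);
        System.out.println(order.product + " x" + order.quantity);  // widget x3
    }
}
```

The distinction that matters is who selects the type: in `deserializeUnsafe` the document does, in `deserializeSafe` the code does. If the application genuinely needs json-io for trusted, server-generated data, keep that call path separate from anything that handles request bodies, so the two never share an entry point.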

References

Related Vulnerabilities