Description

Serialization is the process of turning some object into a data format that can be restored later. People often serialize objects in order to save them to storage, or to send as part of communications. Deserialization is the reverse of that process -- taking data structured from some format, and rebuilding it into an object.

It was determined that your web application is performing .NET BinaryFormatter deserialization of user-supplied data. Arbitrary object deserialization is inherently unsafe, and should never be performed on untrusted data. Consult Web references section for more information about this issue.

Remediation

.NET BinaryFormatter Deserialization should not be performed on user-supplied data.

References

Related Vulnerabilities