IEEE

Java Deserialization Vulnerabilities and Mitigations

Abstract: This tutorial provides developers with practical guidance for securely implementing Java Serialization. Java deserialization is a clear and present danger as its widely used both directly by ...
IEEE

Improving Java Deserialization Gadget Chain Mining via Overriding-Guided Object Generation

Abstract: Java (de)serialization is prone to causing security-critical vulnerabilities that attackers can invoke existing methods (gadgets) on the application's classpath to construct a gadget chain ...
TheServerSide

ObjectOutputStream example: A Java object serialization tutorial

Community driven content discussing all aspects of software development from DevOps to design patterns. In this Java serialization example, we will use both the ObjectOutputStream and the ...
LinkedIn

Serialization and Deserialization at the Micro Level in Spark

Serialization and deserialization are often treated as abstract system-level concepts, but at the micro level they directly impact the performance, scalability, and efficiency of distributed data ...
CSOonline

Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE

A flaw in code for handling Parquet, Apache’s open-source columnar data file format, allows attackers to run arbitrary code on vulnerable instances. The vulnerability, tracked as CVE-2025-30065, is a ...
LinkedIn

Modern Serialization Strategies in Java: Alternatives to Java Object Serialization

Serialization is a core concept in Java that allows objects to be converted into a format suitable for storage or transmission and later reconstructed. While Java’s built-in serialization mechanism ...
The Hacker News

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization

The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under ...
The Hacker News

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances ...
GitHub

Java-Deserialization-Cheat-Sheet

Click1 @artsploit click-nodeps:2.3.0, javax.servlet-api:3.1.0 Clojure @JackOfMostTrades clojure:1.8.0 CommonsBeanutils1 @frohoff commons-beanutils:1.9.2, commons-collections:3.1, commons-logging:1.2 ...
TheServerSide

How Java 17 records work

Java has always been criticized for being too verbose. While that criticism is largely unfounded, language architects and community enthusiasts have always strived to make the language simpler and ...
InfoWorld

Shallow and deep copy: Two ways to copy objects in Java

Copying objects is a common Java programming operation that has one serious trap. Here's how to avoid copying from an object reference and only copy the instance and values you want. Copying objects ...