News

Java provides a convenient means to serialize object graphs into a byte stream so they can be sent over a network or stored and later rebuilt; the format itself carries no authentication, so the receiver has to trust whatever the stream says. Attackers can exploit vulnerabilities in the deserialization process if there aren't ...
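The mechanism described above, shown as an added example rather than code from any of the articles quoted on this page: a plain ObjectInputStream instantiates whatever class name the incoming bytes carry, while a JEP 290 deserialization filter (Java 9 and later) rejects anything outside an explicit allow-list before the class's serialization hooks run. The Message class, the DeserializationFilterDemo class name and the use of java.util.HashMap as a stand-in for attacker-chosen input are all constructed for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;

public class DeserializationFilterDemo {

    // The one type this receiver legitimately expects (constructed for the example).
    // Only a primitive field, so the stream names exactly one class: Message.
    static final class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final int sequence;
        Message(int sequence) { this.sequence = sequence; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Vulnerable pattern: readObject() resolves and instantiates whatever class
    // the byte stream names, so the sender decides which classes on the
    // classpath get their readObject/readResolve logic executed.
    static Object readUnsafely(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened pattern (Java 9+, JEP 290): an allow-list filter consulted before
    // each class in the stream is accepted. "!*" rejects everything not listed;
    // maxdepth/maxarray bound nested or oversized graphs as well.
    static Object readWithFilter(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "DeserializationFilterDemo$Message;maxdepth=5;maxarray=1000;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter); // must be set before the first read
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Message(42));
        // Stands in for attacker-chosen bytes: a type the receiver never asked for.
        byte[] unexpected = serialize(new HashMap<String, String>());

        System.out.println("unsafe, expected type:     " + readUnsafely(expected).getClass().getName());
        System.out.println("unsafe, unexpected type:   " + readUnsafely(unexpected).getClass().getName());

        System.out.println("filtered, expected type:   " + readWithFilter(expected).getClass().getName());
        try {
            readWithFilter(unexpected);
            System.out.println("filtered, unexpected type: accepted (should not happen)");
        } catch (InvalidClassException e) {
            System.out.println("filtered, unexpected type: rejected (" + e.getMessage() + ")");
        }
    }
}
```

Run it with `java DeserializationFilterDemo.java` on JDK 11 or later. The unsafe reader happily returns a HashMap it never asked for; the filtered reader throws InvalidClassException for it because the check happens when the class descriptor is read, before any of that class's deserialization logic executes. That ordering is what makes an allow-list effective against gadget chains regardless of which libraries happen to be on the classpath, and it is the check a code reviewer should look for wherever ObjectInputStream is fed network input.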
While the best-known Java and .NET deserialization exploits relied on gadget classes from third-party libraries, a deserialization issue in Ruby itself greatly increases the attack surface available to an attacker.
PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor.
The hotfix also includes an updated version of Apache BlazeDS to help mitigate a Java deserialization vulnerability (CVE-2017-2066). The latest version of BlazeDS, a Java-based remoting and messaging library, ...
The Java deserialization flaw was so dangerous that Google engineers banded together in their free time to repair open-source Java libraries and limit the flaw's reach, patching over 2,600 projects.
After determining that the PayPal site was vulnerable to Java deserialization, Stepankin was able to exploit the flaw in order to execute arbitrary commands on its underlying Web server.