Security Boulevard

Relution Remote Code Execution via Java Deserialization Vulnerability

In this article we discuss a recent deserialization vulnerability we found in Relution (CVE-2023-48178), a mobile device management product that is popular among multinational German corporations. CVE ...
TechRepublic

Serialization in Java Tutorial with Examples

Learn about serialization in Java with our comprehensive tutorial. We provide examples to help you understand how serialization works and how to use it. Serialization is a fundamental concept in Java ...
GitHub

Failing to serialize java.time.* objects into json

I'm trying to run an integration using Camel-K 1.12.0 that serializes java.time classes into json, and I'm having issues with the use of javaTimeModule. 2023-07-07 19 ...
GitHub

Serialize response failed #12160

java.lang.RuntimeException: Serialized class org.apache.dubbo.rpc.TriRpcStatus must implement java.io.Serializable Java field: private final org.apache.dubbo.rpc ...
healthcarepackaging

Serialization 101

In the realm of pharmaceuticals, there are some concerning statistics according to the Pharmaceutical Research and Manufacturers of America. One in ten medicines worldwide are presumed to be ...
ZDNet

Java unserialize remote code execution hole hits Commons Collections, JBoss, WebSphere, WebLogic

Researchers from Foxglove Security have reportedly discovered a remote code execution hole in the widely used Apache Commons library, thanks to the insecure method in which Java unserializes objects, ...
InfoWorld

Java Enums Are Inherently Serializable

More than once, I have seen code such as the following (without the comments I have added to point out flaws), in which a well-intentioned Java developer has ensured that their favorite Enum ...