Community-driven content discussing all aspects of software development from DevOps to design patterns. In this Java serialization example, we will use both the ObjectOutputStream and the ...
CISA is warning Adobe and Oracle customers about in-the-wild exploitation of critical vulnerabilities affecting the services of these leading enterprise software providers. The US cybersecurity ...
We publish the best academic work (that's too often lost to peer reviews & the TA's desk) to the global tech community. By EScholar: Electronic Academic Papers for Scholars (@escholar) ...
More than eight years after it first came to light, an unauthenticated Java deserialization vulnerability lurking in the Google Web Toolkit open source application framework remains unpatched, and ...
Minecraft players and server operators are facing new security risks following the discovery of a vulnerability in certain mods and subsequent mod packs that allows remote code execution if exploited.
The Minecraft community has caught wind of a new Java deserialization exploit called BleedingPipe that affects a large number of popular mods. Players that install these mods or play on a server that ...
Abstract: Java (de)serialization is prone to causing security-critical vulnerabilities in which attackers can invoke existing methods (gadgets) on the application's classpath to construct a gadget chain ...