SYM_JSTS_0068 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Deserialization of Untrusted Data
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-502: Deserialization of Untrusted Data |
OWASP | A08:2017 - Insecure Deserialization |
Confidence Level | High |
Impact Level | High |
Likelihood Level | High |
Description
User-supplied data is deserialized with functions from libraries such as 'node-serialize' (`unserialize()`) or 'serialize-to-js' (`deserialize()`) that can turn serialized input back into live JavaScript functions. Because these libraries reconstruct functions by evaluating strings taken from the input, an attacker who controls the serialized data can embed a function body and, with a trailing `()`, make it self-invoking, so that arbitrary code runs the moment the data is deserialized, before the application ever inspects the result.
Impact
If exploited, an attacker can run arbitrary code with the privileges of the Node.js process, which can lead to full system compromise, theft or tampering of data, or service disruption. Because the code executes during deserialization itself, validation applied to the deserialized object afterwards does not prevent the attack.
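The following is an added example, not code from this database entry or from the node-serialize and serialize-to-js projects. `unsafeUnserialize` is a simplified model, written from memory, of the marker-based function reconstruction that makes node-serialize's `unserialize()` dangerous (the real library walks nested objects; this model only checks top-level keys). Beside it is the hardened replacement a practitioner would actually ship: plain `JSON.parse` plus an allow-list schema, so no input is ever evaluated as code. The marker constant, the schema and the two payloads are constructed for the example.

```javascript
// Added example. unsafeUnserialize() models node-serialize's function marker handling;
// it is NOT the library itself and only inspects top-level keys.

// Marker node-serialize prepends to a serialized function body.
const FUNCFLAG = '_$$ND_FUNC$$_';

// Vulnerable pattern (model): JSON.parse the input, then eval() any string value that
// starts with the marker. Whoever controls the input controls what is evaluated, and a
// payload ending in "()" is an IIFE that runs immediately, during deserialization.
function unsafeUnserialize(str) {
  const obj = JSON.parse(str);
  for (const key of Object.keys(obj)) {
    const v = obj[key];
    if (typeof v === 'string' && v.startsWith(FUNCFLAG)) {
      obj[key] = eval('(' + v.slice(FUNCFLAG.length) + ')'); // code execution happens here
    }
  }
  return obj;
}

// Hardened replacement: JSON.parse never executes anything, and an explicit allow-list
// schema rejects unexpected keys, wrong types and missing fields before the data is used.
// The schema is a constructed example for a hypothetical user-profile endpoint.
const PROFILE_SCHEMA = { username: 'string', age: 'number' };

function safeParseProfile(str) {
  let obj;
  try {
    obj = JSON.parse(str);
  } catch (e) {
    throw new Error('invalid JSON');
  }
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
    throw new Error('expected a JSON object');
  }
  for (const key of Object.keys(obj)) {
    if (!Object.prototype.hasOwnProperty.call(PROFILE_SCHEMA, key)) {
      throw new Error('unexpected key: ' + key);
    }
    if (typeof obj[key] !== PROFILE_SCHEMA[key]) {
      throw new Error('wrong type for key: ' + key);
    }
  }
  for (const key of Object.keys(PROFILE_SCHEMA)) {
    if (!(key in obj)) throw new Error('missing key: ' + key);
  }
  // Copy only the allow-listed fields so nothing else from the input leaks through.
  return { username: obj.username, age: obj.age };
}

// Detection helper for request logging or a WAF rule: does a request body carry the marker?
function containsFunctionMarker(body) {
  return body.includes(FUNCFLAG);
}

// Constructed payloads. ATTACK is deliberately benign: the embedded IIFE returns a string
// instead of spawning a shell, which is enough to prove it ran at parse time.
const ATTACK = JSON.stringify({
  username: FUNCFLAG + 'function(){ return "code ran at parse time" }()',
  age: 30,
});
const BENIGN = JSON.stringify({ username: 'alice', age: 30 });
const EXTRA_FIELD = JSON.stringify({ username: 'alice', age: 30, isAdmin: true });
```

Run under the vulnerable model, the `username` field of `ATTACK` comes back as the string the embedded function returned, proving the function body executed. Under `safeParseProfile` the same input is just an odd-looking string: nothing is evaluated, and the payload is inert. The extra-field input is rejected outright, which is the behaviour you want from a deserializer that only accepts the shapes the application expects.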